[SR-Users] ims ipsec connectivity
Oleg Belousov
obelousov at gmail.com
Wed Nov 23 16:07:12 CET 2022
Hi,
Thank you, Carsten, the issue was due to NAT, registration is fine when
deploy ims in the same network as epc.
--
obelousov.tel
On Mon, Nov 14, 2022 at 4:43 PM Carsten Bock <carsten at ng-voice.com> wrote:
> Hi,
>
> be aware, that IPSec for VoLTE does not work for NAT.
>
> Thanks,
> Carsten
> --
> Carsten Bock I CTO & Founder
>
> ng-voice GmbH
>
> Trostbrücke 1 I 20457 Hamburg I Germany
> T +49 179 2021244 I www.ng-voice.com
>
> Registry Office at Local Court Hamburg, HRB 120189
> Managing Directors: Dr. David Bachmann, Carsten Bock
>
>
> Am Mo., 14. Nov. 2022 um 16:09 Uhr schrieb Oleg Belousov <
> obelousov at gmail.com>:
>
>> Hi, Hossein.
>> Increased privileges for proxy container, now can see records in both SPD
>> and SAD, but still ipsec is not established. Possible because UE is behind
>> NAY - will check that either. Thanks for your advice.
>> # ip xfrm state count
>> SAD count 28
>> # ip xfrm policy count
>> SPD IN 16 OUT 16 FWD 0
>>
>> Hi, Giovanni.
>> Thank you. Yes, I saw that fork and am going to try it as well. Not quite
>> clear why those patches not included onto the main release.
>> --
>> obelousov.tel
>>
>>
>> On Mon, Nov 14, 2022 at 11:07 AM Giovanni Maruzzelli <gmaruzz at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> you may also want to check Supreeth ipsec patches :
>>>
>>> https://github.com/herlesupreeth/kamailio
>>>
>>> -giovanni
>>>
>>> On Fri, Nov 11, 2022 at 1:44 PM Oleg Belousov <obelousov at gmail.com>
>>> wrote:
>>>
>>>> Hi, Hossein.
>>>> No, there are not. The output of these two commands is just empty.
>>>> Should enable it?
>>>> --
>>>> obelousov.tel
>>>>
>>>>
>>>> On Thu, Nov 10, 2022 at 9:08 PM H Yavari <hyavari at rocketmail.com>
>>>> wrote:
>>>>
>>>>> Hi Oleg,
>>>>>
>>>>> Can you check the ipsec SA in the OS and see that SA and policies are
>>>>> there or not:
>>>>> >> ip x s l
>>>>> >> ip x p l
>>>>>
>>>>> BR,
>>>>> Hossein
>>>>>
>>>>> On Thursday, November 10, 2022 at 03:12:34 AM PST, Oleg Belousov <
>>>>> obelousov at gmail.com> wrote:
>>>>>
>>>>>
>>>>> Hi.
>>>>> Working on ims integration with the actual handset, have got a
>>>>> problem with ipsec establishment to complete registration.
>>>>>
>>>>> Initial steps are fine, including diameter exchange and 401 (with
>>>>> security server details) toward UE. On the next step UE and kamailio should
>>>>> establish ipsec connection, and UE to submit the next register with a
>>>>> response. As per trace UE is trying to establish the same (can see initial
>>>>> TCP SYN encapsulated onto ESP), using port-s, provided in Security-Server,
>>>>> but get an ICMP packet from server with destination/protocol unreachable.
>>>>> No more info either in P-SCSF log, no in kern.log. Proxy is listening to
>>>>> that port, it is tcp and available over telnet, so should not be a
>>>>> connectivity issue.
>>>>> Please let know if any ideas how to troubleshoot that further,
>>>>> --
>>>>> obelousov.tel
>>>>> __________________________________________________________
>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>> sr-users at lists.kamailio.org
>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>> to the sender!
>>>>> Edit mailing list options or unsubscribe:
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>> __________________________________________________________
>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>> sr-users at lists.kamailio.org
>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>> to the sender!
>>>>> Edit mailing list options or unsubscribe:
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>> sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>
>>>
>>> --
>>> Sincerely,
>>>
>>> Giovanni Maruzzelli
>>> OpenTelecom.IT
>>> cell: +39 347 266 56 18
>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>> sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221123/2d5e3c0f/attachment.htm>
More information about the sr-users
mailing list