[SR-Users] relay sip-tls vs sips-tcp

beer Ll llcfhllml at gmail.com
Wed Oct 12 15:35:12 CEST 2022 

Hi everyone,
I'm using Kamailio as TLS gateway/filter for an internal Asterisk server

the network schema is  :

UAC (tls) --- INTERNET  --- (tls) KAMAILIO (sip udp) --- LAN --- (sip udp)
ASTERISK

with kamailio in multi-homed mode

WAN network interface for sip tls
LAN network interface for sip udp  to asterisk server


UAC address 80.0.0.1
KAMAILIO Wan address 80.0.0.2

KAMAILIO Lan address 172.16.0.2
ASTERISK Lan address 172.16.0.3



SIP-TLS call example
If the UAC use tls(sip) all works good

[image: sip-ok-small.jpeg]

SIPS call example
If the same UAC use his default settings tls(sips)  , there are problems
with ACK and BYE packet

[image: sip-ko-small.jpeg]
the SIP OK SDP packet from kamailio to UAC  is

2022/10/10 09:28:47.854721 80.0.0.2:5061 -> 80.0.0.1:49992
SIP/2.0 200 OK
Via: SIP/2.0/TLS 192.168.0.1:49992
;rport=49992;received=80.0.0.1;branch=z9hG4bKM01j360VrBdH5VSV
Record-Route: <sip:172.16.0.1:5060
;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
Record-Route: <sip:80.0.0.2:5061
;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
Call-ID: 1EC2AB679C1EA1BAB60FD03B09F878020B12D3E7
From: <sips:200 at pbx.voip.com>;tag=F798336AA08EF9FCFA89D3BDFE0C8C8F
To: <sips:*43 at pbx.voip.com>;tag=961d0e22-a4f0-453c-9870-6a41578afc96
CSeq: 2 INVITE
Contact: <sip:172.16.0.2:5060>
P-Asserted-Identity: "xxxxxxxxx" <sips:*43 at pbx.voip.com>
Content-Type: application/sdp


and the UAC send the ACK and BYE from a different tcp port and to:
sips:172.16.0.2:5060;transport=tcp


2022/10/10 09:28:48.495365 80.0.0.1:49996 -> 80.0.0.2:5061
ACK sips:172.16.0.2:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TLS 192.168.0.1:49996;branch=z9hG4bKppftdQze20lnwT41;rport
Route: <sip:80.0.0.2:5061
;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
Route: <sip:172.16.0.1:5060;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
Max-Forwards: 70
To: <sips:*43 at pbx.voip.com>;tag=961d0e22-a4f0-453c-9870-6a41578afc96
From: <sips:200 at pbx.voip.com>;tag=F798336AA08EF9FCFA89D3BDFE0C8C8F
Call-ID: 1EC2AB679C1EA1BAB60FD03B09F878020B12D3E7
CSeq: 2 ACK


kamailio error log
WARNING:  <core> [core/forward.c:229]: get_send_socket2(): protocol/port
mismatch (forced udp:172.16.0.2:5060, to tls:172.16.0.3:5060)




How can I solve this ?

Best Regards

Leo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221012/02850811/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sip-ok-small.jpeg
Type: image/jpeg
Size: 77945 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221012/02850811/attachment.jpeg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sip-ko-small.jpeg
Type: image/jpeg
Size: 112908 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221012/02850811/attachment-0001.jpeg>

More information about the sr-users mailing list