[SR-Users] relay sip-tls vs sips-tcp

James Browne james at frideo.com
Tue Oct 18 21:36:33 CEST 2022 

You make calls using SIP over TLS and it's OK.
You make calls using SIPS and it's not OK.

The 200-OK Contact is this
- Contact: <sip:172.16.0.2:5060>

The RURI in the ACK is this.
- sips:172.16.0.2:5060;transport=tcp SIP/2.0

The client should be using _exactly_ the same URI in the ACK as was in the
Contact in the 200-OK response. The client is getting it wrong (
https://datatracker.ietf.org/doc/html/rfc3261#section-12.2.1.1).

With the ACK, the Routeset is this.
- ACK sips:172.16.0.2:5060;transport=tcp SIP/2.0
- Route: <sip:80.0.0.2:5061
;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
- Route: <sip:172.16.0.1:5060
;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>

This is asking kamailio to send the ACK to 172.16.0.2 over TLS on port 5060
(from the RURI), but use a UDP socket to do it (the second Route header
field). This can't work. The client should be fixed.
(Else you may try getting asterisk to use sips, but maybe that's not going
to be easy.)

James

On Thu, 13 Oct 2022 at 06:30, beer Ll <llcfhllml at gmail.com> wrote:

> Hi everyone,
> I'm using Kamailio as TLS gateway/filter for an internal Asterisk server
>
> the network schema is  :
>
> UAC (tls) --- INTERNET  --- (tls) KAMAILIO (sip udp) --- LAN --- (sip udp)
> ASTERISK
>
> with kamailio in multi-homed mode
>
> WAN network interface for sip tls
> LAN network interface for sip udp  to asterisk server
>
>
> UAC address 80.0.0.1
> KAMAILIO Wan address 80.0.0.2
>
> KAMAILIO Lan address 172.16.0.2
> ASTERISK Lan address 172.16.0.3
>
>
>
> SIP-TLS call example
> If the UAC use tls(sip) all works good
>
> [image: sip-ok-small.jpeg]
>
> SIPS call example
> If the same UAC use his default settings tls(sips)  , there are problems
> with ACK and BYE packet
>
> [image: sip-ko-small.jpeg]
> the SIP OK SDP packet from kamailio to UAC  is
>
> 2022/10/10 09:28:47.854721 80.0.0.2:5061 -> 80.0.0.1:49992
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 192.168.0.1:49992
> ;rport=49992;received=80.0.0.1;branch=z9hG4bKM01j360VrBdH5VSV
> Record-Route: <sip:172.16.0.1:5060
> ;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
> Record-Route: <sip:80.0.0.2:5061
> ;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
> Call-ID: 1EC2AB679C1EA1BAB60FD03B09F878020B12D3E7
> From: <sips:200 at pbx.voip.com>;tag=F798336AA08EF9FCFA89D3BDFE0C8C8F
> To: <sips:*43 at pbx.voip.com>;tag=961d0e22-a4f0-453c-9870-6a41578afc96
> CSeq: 2 INVITE
> Contact: <sip:172.16.0.2:5060>
> P-Asserted-Identity: "xxxxxxxxx" <sips:*43 at pbx.voip.com>
> Content-Type: application/sdp
>
>
> and the UAC send the ACK and BYE from a different tcp port and to:
> sips:172.16.0.2:5060;transport=tcp
>
>
> 2022/10/10 09:28:48.495365 80.0.0.1:49996 -> 80.0.0.2:5061
> ACK sips:172.16.0.2:5060;transport=tcp SIP/2.0
> Via: SIP/2.0/TLS 192.168.0.1:49996;branch=z9hG4bKppftdQze20lnwT41;rport
> Route: <sip:80.0.0.2:5061
> ;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
> Route: <sip:172.16.0.1:5060
> ;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F>
> Max-Forwards: 70
> To: <sips:*43 at pbx.voip.com>;tag=961d0e22-a4f0-453c-9870-6a41578afc96
> From: <sips:200 at pbx.voip.com>;tag=F798336AA08EF9FCFA89D3BDFE0C8C8F
> Call-ID: 1EC2AB679C1EA1BAB60FD03B09F878020B12D3E7
> CSeq: 2 ACK
>
>
> kamailio error log
> WARNING:  <core> [core/forward.c:229]: get_send_socket2(): protocol/port
> mismatch (forced udp:172.16.0.2:5060, to tls:172.16.0.3:5060)
>
>
>
>
> How can I solve this ?
>
> Best Regards
>
> Leo
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221018/1b065d89/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sip-ok-small.jpeg
Type: image/jpeg
Size: 77945 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221018/1b065d89/attachment.jpeg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sip-ko-small.jpeg
Type: image/jpeg
Size: 112908 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221018/1b065d89/attachment-0001.jpeg>

More information about the sr-users mailing list