Hi, be aware, that IPSec for VoLTE does not work for NAT.
Thanks, Carsten -- Carsten Bock I CTO & Founder ng-voice GmbH Trostbrücke 1 I 20457 Hamburg I Germany T +49 179 2021244 I www.ng-voice.com Registry Office at Local Court Hamburg, HRB 120189 Managing Directors: Dr. David Bachmann, Carsten Bock Am Mo., 14. Nov. 2022 um 16:09 Uhr schrieb Oleg Belousov < obelou...@gmail.com>: > Hi, Hossein. > Increased privileges for proxy container, now can see records in both SPD > and SAD, but still ipsec is not established. Possible because UE is behind > NAY - will check that either. Thanks for your advice. > # ip xfrm state count > SAD count 28 > # ip xfrm policy count > SPD IN 16 OUT 16 FWD 0 > > Hi, Giovanni. > Thank you. Yes, I saw that fork and am going to try it as well. Not quite > clear why those patches not included onto the main release. > -- > obelousov.tel > > > On Mon, Nov 14, 2022 at 11:07 AM Giovanni Maruzzelli <gmar...@gmail.com> > wrote: > >> Hello, >> >> you may also want to check Supreeth ipsec patches : >> >> https://github.com/herlesupreeth/kamailio >> >> -giovanni >> >> On Fri, Nov 11, 2022 at 1:44 PM Oleg Belousov <obelou...@gmail.com> >> wrote: >> >>> Hi, Hossein. >>> No, there are not. The output of these two commands is just empty. >>> Should enable it? >>> -- >>> obelousov.tel >>> >>> >>> On Thu, Nov 10, 2022 at 9:08 PM H Yavari <hyav...@rocketmail.com> wrote: >>> >>>> Hi Oleg, >>>> >>>> Can you check the ipsec SA in the OS and see that SA and policies are >>>> there or not: >>>> >> ip x s l >>>> >> ip x p l >>>> >>>> BR, >>>> Hossein >>>> >>>> On Thursday, November 10, 2022 at 03:12:34 AM PST, Oleg Belousov < >>>> obelou...@gmail.com> wrote: >>>> >>>> >>>> Hi. >>>> Working on ims integration with the actual handset, have got a >>>> problem with ipsec establishment to complete registration. >>>> >>>> Initial steps are fine, including diameter exchange and 401 (with >>>> security server details) toward UE. On the next step UE and kamailio should >>>> establish ipsec connection, and UE to submit the next register with a >>>> response. As per trace UE is trying to establish the same (can see initial >>>> TCP SYN encapsulated onto ESP), using port-s, provided in Security-Server, >>>> but get an ICMP packet from server with destination/protocol unreachable. >>>> No more info either in P-SCSF log, no in kern.log. Proxy is listening to >>>> that port, it is tcp and available over telnet, so should not be a >>>> connectivity issue. >>>> Please let know if any ideas how to troubleshoot that further, >>>> -- >>>> obelousov.tel >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> sr-users@lists.kamailio.org >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> sr-users@lists.kamailio.org >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> sr-users@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> >> -- >> Sincerely, >> >> Giovanni Maruzzelli >> OpenTelecom.IT >> cell: +39 347 266 56 18 >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> sr-users@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> Edit mailing list options or unsubscribe: >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > sr-users@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users