[SR-Users] "Contact does not exist in PCSCF usrloc" error in log
Hello, We are trying to integrate Kamailio as the IMS server with our 5G core emulator by following the steps listed out at https://open5gs.org/open5gs/docs/tutorial/02-VoLTE-setup/. In our case, we have our own 5G core emulator instead of the Open5GS core. We are using sipp scripts to generate the SIP calls. The PCRF component of the 5G core is emulated by us and is capable of handling Diamater calls from Kamailio over the Rx interface. We have got the setup working to the point where the SIP Register calls are landing on the PCSCF which in turn is sending out AA Requests to PCRF and the PCRF is responding. However there is an internal error in the Kamailio log "4(3682133) ERROR: ims_qos [ims_qos_mod.c:1305]: w_rx_aar_register(): This contact does not exist in PCSCF usrloc - error in cfg file" Please help us in identifying if we are missing anything in the Kamailio set up. The packet capture and syslog excerpts from the VM where Kamailio is running are attached; here we are trying to perform SIP Registration for three SIP endpoints 001010123456791, 001010123456792 and 001010123456793. If there is any additional information required, please let us know. Regards, Shantanu <> ims_sip_register2.pcap Description: application/vnd.tcpdump.pcap __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] Re: Via header force change protocol to TLS?
Hi David Could you send PCAP for an inbound call via TCP connection? Sergey On Thu, May 23, 2024 at 5:53 PM David Villasmil < david.villasmil.w...@gmail.com> wrote: > it's still in progress though. > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > > > On Thu, May 23, 2024 at 4:51 PM David Villasmil < > david.villasmil.w...@gmail.com> wrote: > >> Thanks, I'll check it out! >> Regards, >> >> David Villasmil >> email: david.villasmil.w...@gmail.com >> phone: +34669448337 >> >> >> On Thu, May 23, 2024 at 4:16 PM Sergey Safarov >> wrote: >> >>> We have tested this PR using the Linphone app. >>> So your case will be resolved using this PR. >>> Need to enable HAproxy protocol headers. >>> >>> On Wed, May 22, 2024 at 4:36 PM Sergey Safarov >>> wrote: >>> Please try Kamailio PR https://github.com/kamailio/kamailio/pull/3731 We have developed this PR for use case you have described. We have tested Route and Record-Route headers not Via. So will provide some review for this PR then will be fine. On Wed, May 22, 2024 at 2:22 PM David Villasmil < david.villasmil.w...@gmail.com> wrote: > Hello Sergey, > > Thanks for the suggestion. Not sure if his is what i'm looking for, > allow me to explain further: > We set up an NetworkLoadBalancer on AWS to offload tls on it. This > Load balancer is a TLS listener on the outside and a TCP connection to the > proxy inside. > So when sending an INVITE to the connected client, the via has a TCP > protocol like > > Via: SIP/2.0/TCP > mydomain:port;branch=z9hG4bKf176.53ac8af0d7090a31e44548f15ea420ff.0 > > and the client (linphone) disconnects and tries to contact the proxy > on that address on a TCP socket, which doesn't exist. I tried many > solutions none of which actually work... last one setting $du =$du + > ";transport=tls" and forcing the socket to the TCP socket to the load > balancer, but of course i'm getting warnings about this. > > is this something that PR (not merged) would be addressing, i didn't > see that. > If not, is there a way of doing this without any trickery? > > Thanks! > > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > > > On Wed, May 22, 2024 at 12:16 PM Sergey Safarov > wrote: > >> Probable you need this PR >> https://github.com/kamailio/kamailio/pull/3810 >> >> Or you can try >> https://github.com/kamailio/kamailio/pull/3731 >> In this PR we faced the same issue and solved this. >> >> >> On Wed, May 22, 2024 at 3:43 AM David Villasmil via sr-users < >> sr-users@lists.kamailio.org> wrote: >> >>> Hello Anthony, did you solve this problem? I'm facing the same >>> problem >>> >>> Thanks! >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.w...@gmail.com >>> phone: +34669448337 >>> >>> >>> On Mon, Feb 5, 2018 at 5:57 AM Anthony Alba >>> wrote: >>> I have kamailio behind a TLS termination proxy so the sockets are correctly deduced to be TCP. However the clients only talk TLS to the proxy and are confused when the top Via header added by Kamailio is TCP. Is there a way for Kamailio to forcibly pretend its protocol is TLS? Like advertised_address but "advertised_protocol" instead. (With pjsip testing: it has a flag use_tls which ignores TCP from Kamailio and continues to use the persistent TLS transport to proxy. Linphone fails because it tries to honor TCP in Via and is unable to establish TCP transport). BTW I am using t_relay_to_tcp so Kamailio will return traffic to the proxy as TCP even though the contact addresses specify transport=TLS. ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> __ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply >>> only to the sender! >>> Edit mailing list options or unsubscribe: >>> >> __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] Re: Via header force change protocol to TLS?
it's still in progress though. Regards, David Villasmil email: david.villasmil.w...@gmail.com phone: +34669448337 On Thu, May 23, 2024 at 4:51 PM David Villasmil < david.villasmil.w...@gmail.com> wrote: > Thanks, I'll check it out! > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > > > On Thu, May 23, 2024 at 4:16 PM Sergey Safarov > wrote: > >> We have tested this PR using the Linphone app. >> So your case will be resolved using this PR. >> Need to enable HAproxy protocol headers. >> >> On Wed, May 22, 2024 at 4:36 PM Sergey Safarov >> wrote: >> >>> Please try Kamailio PR >>> https://github.com/kamailio/kamailio/pull/3731 >>> >>> We have developed this PR for use case you have described. >>> We have tested Route and Record-Route headers not Via. >>> So will provide some review for this PR then will be fine. >>> >>> On Wed, May 22, 2024 at 2:22 PM David Villasmil < >>> david.villasmil.w...@gmail.com> wrote: >>> Hello Sergey, Thanks for the suggestion. Not sure if his is what i'm looking for, allow me to explain further: We set up an NetworkLoadBalancer on AWS to offload tls on it. This Load balancer is a TLS listener on the outside and a TCP connection to the proxy inside. So when sending an INVITE to the connected client, the via has a TCP protocol like Via: SIP/2.0/TCP mydomain:port;branch=z9hG4bKf176.53ac8af0d7090a31e44548f15ea420ff.0 and the client (linphone) disconnects and tries to contact the proxy on that address on a TCP socket, which doesn't exist. I tried many solutions none of which actually work... last one setting $du =$du + ";transport=tls" and forcing the socket to the TCP socket to the load balancer, but of course i'm getting warnings about this. is this something that PR (not merged) would be addressing, i didn't see that. If not, is there a way of doing this without any trickery? Thanks! Regards, David Villasmil email: david.villasmil.w...@gmail.com phone: +34669448337 On Wed, May 22, 2024 at 12:16 PM Sergey Safarov wrote: > Probable you need this PR > https://github.com/kamailio/kamailio/pull/3810 > > Or you can try > https://github.com/kamailio/kamailio/pull/3731 > In this PR we faced the same issue and solved this. > > > On Wed, May 22, 2024 at 3:43 AM David Villasmil via sr-users < > sr-users@lists.kamailio.org> wrote: > >> Hello Anthony, did you solve this problem? I'm facing the same problem >> >> Thanks! >> Regards, >> >> David Villasmil >> email: david.villasmil.w...@gmail.com >> phone: +34669448337 >> >> >> On Mon, Feb 5, 2018 at 5:57 AM Anthony Alba >> wrote: >> >>> I have kamailio behind a TLS termination proxy so the sockets are >>> correctly deduced to be TCP. However the clients only talk TLS to the >>> proxy >>> and are confused when the top Via header added by Kamailio is TCP. Is >>> there >>> a way for Kamailio to forcibly pretend its protocol is TLS? Like >>> advertised_address but "advertised_protocol" instead. >>> >>> (With pjsip testing: it has a flag use_tls which ignores TCP from >>> Kamailio and continues to use the persistent TLS transport to proxy. >>> Linphone fails because it tries to honor TCP in Via and is unable to >>> establish TCP transport). >>> >>> BTW I am using t_relay_to_tcp so Kamailio will return traffic to the >>> proxy as TCP even though the contact addresses specify transport=TLS. >>> ___ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> __ >> Kamailio - Users Mailing List - Non Commercial Discussions >> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only >> to the sender! >> Edit mailing list options or unsubscribe: >> > __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] Re: Via header force change protocol to TLS?
Thanks, I'll check it out! Regards, David Villasmil email: david.villasmil.w...@gmail.com phone: +34669448337 On Thu, May 23, 2024 at 4:16 PM Sergey Safarov wrote: > We have tested this PR using the Linphone app. > So your case will be resolved using this PR. > Need to enable HAproxy protocol headers. > > On Wed, May 22, 2024 at 4:36 PM Sergey Safarov > wrote: > >> Please try Kamailio PR >> https://github.com/kamailio/kamailio/pull/3731 >> >> We have developed this PR for use case you have described. >> We have tested Route and Record-Route headers not Via. >> So will provide some review for this PR then will be fine. >> >> On Wed, May 22, 2024 at 2:22 PM David Villasmil < >> david.villasmil.w...@gmail.com> wrote: >> >>> Hello Sergey, >>> >>> Thanks for the suggestion. Not sure if his is what i'm looking for, >>> allow me to explain further: >>> We set up an NetworkLoadBalancer on AWS to offload tls on it. This Load >>> balancer is a TLS listener on the outside and a TCP connection to the proxy >>> inside. >>> So when sending an INVITE to the connected client, the via has a TCP >>> protocol like >>> >>> Via: SIP/2.0/TCP >>> mydomain:port;branch=z9hG4bKf176.53ac8af0d7090a31e44548f15ea420ff.0 >>> >>> and the client (linphone) disconnects and tries to contact the proxy on >>> that address on a TCP socket, which doesn't exist. I tried many >>> solutions none of which actually work... last one setting $du =$du + >>> ";transport=tls" and forcing the socket to the TCP socket to the load >>> balancer, but of course i'm getting warnings about this. >>> >>> is this something that PR (not merged) would be addressing, i didn't see >>> that. >>> If not, is there a way of doing this without any trickery? >>> >>> Thanks! >>> >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.w...@gmail.com >>> phone: +34669448337 >>> >>> >>> On Wed, May 22, 2024 at 12:16 PM Sergey Safarov >>> wrote: >>> Probable you need this PR https://github.com/kamailio/kamailio/pull/3810 Or you can try https://github.com/kamailio/kamailio/pull/3731 In this PR we faced the same issue and solved this. On Wed, May 22, 2024 at 3:43 AM David Villasmil via sr-users < sr-users@lists.kamailio.org> wrote: > Hello Anthony, did you solve this problem? I'm facing the same problem > > Thanks! > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > > > On Mon, Feb 5, 2018 at 5:57 AM Anthony Alba > wrote: > >> I have kamailio behind a TLS termination proxy so the sockets are >> correctly deduced to be TCP. However the clients only talk TLS to the >> proxy >> and are confused when the top Via header added by Kamailio is TCP. Is >> there >> a way for Kamailio to forcibly pretend its protocol is TLS? Like >> advertised_address but "advertised_protocol" instead. >> >> (With pjsip testing: it has a flag use_tls which ignores TCP from >> Kamailio and continues to use the persistent TLS transport to proxy. >> Linphone fails because it tries to honor TCP in Via and is unable to >> establish TCP transport). >> >> BTW I am using t_relay_to_tcp so Kamailio will return traffic to the >> proxy as TCP even though the contact addresses specify transport=TLS. >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > __ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only > to the sender! > Edit mailing list options or unsubscribe: > __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] Re: Via header force change protocol to TLS?
We have tested this PR using the Linphone app. So your case will be resolved using this PR. Need to enable HAproxy protocol headers. On Wed, May 22, 2024 at 4:36 PM Sergey Safarov wrote: > Please try Kamailio PR > https://github.com/kamailio/kamailio/pull/3731 > > We have developed this PR for use case you have described. > We have tested Route and Record-Route headers not Via. > So will provide some review for this PR then will be fine. > > On Wed, May 22, 2024 at 2:22 PM David Villasmil < > david.villasmil.w...@gmail.com> wrote: > >> Hello Sergey, >> >> Thanks for the suggestion. Not sure if his is what i'm looking for, allow >> me to explain further: >> We set up an NetworkLoadBalancer on AWS to offload tls on it. This Load >> balancer is a TLS listener on the outside and a TCP connection to the proxy >> inside. >> So when sending an INVITE to the connected client, the via has a TCP >> protocol like >> >> Via: SIP/2.0/TCP >> mydomain:port;branch=z9hG4bKf176.53ac8af0d7090a31e44548f15ea420ff.0 >> >> and the client (linphone) disconnects and tries to contact the proxy on >> that address on a TCP socket, which doesn't exist. I tried many >> solutions none of which actually work... last one setting $du =$du + >> ";transport=tls" and forcing the socket to the TCP socket to the load >> balancer, but of course i'm getting warnings about this. >> >> is this something that PR (not merged) would be addressing, i didn't see >> that. >> If not, is there a way of doing this without any trickery? >> >> Thanks! >> >> Regards, >> >> David Villasmil >> email: david.villasmil.w...@gmail.com >> phone: +34669448337 >> >> >> On Wed, May 22, 2024 at 12:16 PM Sergey Safarov >> wrote: >> >>> Probable you need this PR >>> https://github.com/kamailio/kamailio/pull/3810 >>> >>> Or you can try >>> https://github.com/kamailio/kamailio/pull/3731 >>> In this PR we faced the same issue and solved this. >>> >>> >>> On Wed, May 22, 2024 at 3:43 AM David Villasmil via sr-users < >>> sr-users@lists.kamailio.org> wrote: >>> Hello Anthony, did you solve this problem? I'm facing the same problem Thanks! Regards, David Villasmil email: david.villasmil.w...@gmail.com phone: +34669448337 On Mon, Feb 5, 2018 at 5:57 AM Anthony Alba wrote: > I have kamailio behind a TLS termination proxy so the sockets are > correctly deduced to be TCP. However the clients only talk TLS to the > proxy > and are confused when the top Via header added by Kamailio is TCP. Is > there > a way for Kamailio to forcibly pretend its protocol is TLS? Like > advertised_address but "advertised_protocol" instead. > > (With pjsip testing: it has a flag use_tls which ignores TCP from > Kamailio and continues to use the persistent TLS transport to proxy. > Linphone fails because it tries to honor TCP in Via and is unable to > establish TCP transport). > > BTW I am using t_relay_to_tcp so Kamailio will return traffic to the > proxy as TCP even though the contact addresses specify transport=TLS. > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: >>> __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] VoLTE/IMS third party registration issues
Checking Kamailio in a VoLTE environment we are finding issues to make it work. First issues arise when getting AS to extract the required info from third party registration, primarily IMPUs. Third party registration is sent to AS with IMPI in To header, preventing the AS from extracting the IMPU from the most obvious place, the To header, according to 3GPP 24.229: "Notification of Application Servers about registration status [...] the To header field, which shall contain a non-barred public user identity belonging to the service profile of the processed Filter Criteria. It may be either a public user identity as contained in the REGISTER request received from the UE or one of the implicitly registered public user identities in the service profile, as configured by the operator;" On the other hand, the third party registration can only embed in its body either the original request or the original response but not both (notice mutually exclusive "else if" statements in third_party_reg.c). Both are needed to extract Feature-Caps (from original request) and IMPUs (for instance from P-Associated-URI in original response). Therefore to extract that info the AS should subscribe to the reg info in S-CSCF, but such SUBSCRIBE is rejected with 403. From Registrar IMS SCSCF documenation it looks like this is not supported: "This function checks to see that a SUBSCRIBE request is authorised to subscribe to the particular identity. Only 3 entities can subscribe: The user agent to its own state The P-CSCF specified in the path header for that user Application Server (AS) not yet implemented" Therefore question to the community is how these limitations are overcome in existing VoLTE deployments with Kamailio? Any advice? __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] Re: Kamailio IPSec module
Hey Hossein, I haven't tested that many registrations. Max. I have tested is 10 simultaneous connection. In this case, Kamailio creates sockets to UEs IP:PORT on demand for sending > out ? Yes, Kamailio establishes IPSec connections between the ports mentioned in "Security-Client" header and the Kamailio IPSec Server and Client port when it receives SIP REGISTER with "Security-Client" header during UE IMS registration. Best Regards, Supreeth On Tue, 21 May 2024 at 19:53, H Yavari wrote: > Hi Supreeth, > > Thank you, but can we expect Kamailio to handle for example 10K > registrations with this configuration? > In this case, Kamailio creates sockets to UEs IP:PORT on demand for > sending out ? > > Regards, > Hossein > > > > On Tuesday, May 21, 2024 at 07:38:24 AM PDT, Supreeth Herle < > herlesupre...@gmail.com> wrote: > > > Hello Hossein, > > You can potentially limit the ipsec connections to only one port (1 server > port and 1 client port) if you set the below configuration parameter to 1. > > modparam("ims_ipsec_pcscf", "ipsec_max_connections", 1) > > Hope it helps. Please ignore the formatting of this email. > > Best Regards, > > Supreeth > > > On Thu 16. May 2024 at 11:04, H Yavari via sr-users < > sr-users@lists.kamailio.org> wrote: > > Hi Daniel, > > Thank you for the reply. > I will work on it. > > Regards, > Hossein > > On Thursday, May 16, 2024 at 12:03:34 AM PDT, Daniel-Constantin Mierla < > mico...@gmail.com> wrote: > > > Hello, > On 15.05.24 22:09, H Yavari via sr-users wrote: > > Hi all, > > I was reviewing the `ims_ipsec_pcscf` code and noticed that this module > creates a pool of sockets using different ports (ipsec_max_connections). > I'm unclear on the necessity of this approach. Can't we simply create one > server listener and one client listener to handle all UE connections? If > this is feasible, is there still a need to create the pool at startup? > > I'm curious if this is due to an architectural limitation or if the IPSec > module can be modified to replace the current implementation with a more > efficient one. > > technically it is no restriction to have one client socket and one server > socket. I am not much active in the VoLTE or VoNR, although I played lately > with the later, but from some past discussions I understood that the specs > suggest/recommend this approach with a pool of sockets -- I haven't read > the specs to confirm personally if that's the case. > > Anyhow, during the OSMNT'24 and KamailioWorld'24 conferences, I had > discussions with some participants interested in the topic and switching to > (or adding the option of) single client/server socket was considered to be > done in the future. > > For now, if you are concerned of using too many resources due to many > children processes, you can use development version (git master branch) > where you have the option to have threads for receiving traffic on UDP > sockets, with a single pool of processes to handle the UDP SIP traffic: > > - > https://www.kamailio.org/wikidocs/cookbooks/devel/core/#udp_receiver_mode > > Or, even better, if you can develop the code for having single > client/server socket, just do it and make a PR. > > Cheers, > Daniel > > -- > Daniel-Constantin Mierla (@ asipto.com)twitter.com/miconda -- > linkedin.com/in/miconda > Kamailio Consultancy, Training and Development Services -- asipto.com > > __ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > > __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
[SR-Users] Re: Is there any funtion to route based on source phone number
Hello, the carrierroute module also supports the longest prefix match of course. Cheers, Henning > -Original Message- > From: Juha Heinanen via sr-users > Sent: Dienstag, 21. Mai 2024 16:08 > To: Kamailio (SER) - Users Mailing List > Cc: SAMUEL MOYA TINOCO ; Juha Heinanen > > Subject: [SR-Users] Re: Is there any funtion to route based on source phone > number > > If you want to select something based on phone number (longest) prefix, then > mtree module could be useful. > > -- Juha > __ > Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send > an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: __ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: