Re: [SR-Users] Mutual TLS with Skype for Business 2015

[Francisco Valentin Vinagrero]

Hi all,

I’m still stuck with this even if I built a new VM to avoid any buggy 
configuration.

Some thoughts on this:


1.   I have tried to change verify_certificate = no on my server section of 
tls.cfg, so ideally the remote certificate will not be verified, but this is 
not changing anything.



2.   My Kamailio cluster is part of a DNS alias, but the alias is defined 
as alias=:5061 in the Kamailio.cfg. Could this be affecting somehow 
the verification? My tls.cfg only has server:default and client:default section.



3.   Every time I reload the configuration, the TLS info and debug messages 
for client and server are coherent with what I would expect from my tls.cfg:



INFO: tls [tls_domain.c:278]: fill_missing(): TLSs: tls_method=20

INFO: tls [tls_domain.c:290]: fill_missing(): TLSs: 
certificate='/usr/local/etc/kamailio/tls/myCert.pem'

INFO: tls [tls_domain.c:297]: fill_missing(): TLSs: 
ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem'

INFO: tls [tls_domain.c:304]: fill_missing(): TLSs: crl='(null)'

INFO: tls [tls_domain.c:308]: fill_missing(): TLSs: 
require_certificate=1

INFO: tls [tls_domain.c:315]: fill_missing(): TLSs: 
cipher_list='(null)'

INFO: tls [tls_domain.c:322]: fill_missing(): TLSs: 
private_key='/usr/local/etc/kamailio/tls/myKey.pem'

INFO: tls [tls_domain.c:326]: fill_missing(): TLSs: 
verify_certificate=1

INFO: tls [tls_domain.c:329]: fill_missing(): TLSs: verify_depth=9

DEBUG: tls [tls_domain.c:968]: fix_domain(): using tls methods range: 20

DEBUG: tls [tls_domain.c:566]: load_crl(): TLSs: No CRL configured

INFO: tls [tls_domain.c:658]: set_verification(): TLSs: Client MUST 
present valid certificate

INFO: tls [tls_domain.c:278]: fill_missing(): TLSc: tls_method=20

INFO: tls [tls_domain.c:290]: fill_missing(): TLSc: 
certificate='/usr/local/etc/kamailio/tls/myCert.pem'

INFO: tls [tls_domain.c:297]: fill_missing(): TLSc: 
ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem'

INFO: tls [tls_domain.c:304]: fill_missing(): TLSc: crl='(null)'

INFO: tls [tls_domain.c:308]: fill_missing(): TLSc: 
require_certificate=1

INFO: tls [tls_domain.c:315]: fill_missing(): TLSc: 
cipher_list='(null)'

INFO: tls [tls_domain.c:322]: fill_missing(): TLSc: 
private_key='/usr/local/etc/kamailio/tls/myKey.pem'

INFO: tls [tls_domain.c:326]: fill_missing(): TLSc: 
verify_certificate=1

INFO: tls [tls_domain.c:329]: fill_missing(): TLSc: verify_depth=9

DEBUG: tls [tls_domain.c:968]: fix_domain(): using tls methods range: 20

DEBUG: tls [tls_domain.c:566]: load_crl(): TLSc: No CRL configured

INFO: tls [tls_domain.c:658]: set_verification(): TLSc: Server MUST 
present valid certificate

DEBUG: tls [tls_domain.c:1119]: load_private_key(): TLSs: Key 
'/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded

DEBUG: tls [tls_domain.c:1119]: load_private_key(): TLSc: Key 
'/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded

DEBUG: tls [tls_rpc.c:82]: tls_reload(): TLS configuration successfuly loaded



4.   When the first handshake begins after reloading, it goes to the TLSs 
default domain:



DEBUG:  [ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 
188.185.115.181

DEBUG:  [tcp_main.c:985]: tcpconn_new(): on port 56404, type 3

DEBUG:  [tcp_main.c:1295]: tcpconn_add(): hashes: 2351:1920:1122, 168

DEBUG:  [io_wait.h:376]: io_watch_add(): DBG: io_watch_add(0xa25be0, 30, 
2, 0x7ff243558420), fd_no=21

DEBUG:  [io_wait.h:598]: io_watch_del(): DBG: io_watch_del (0xa25be0, 30, 
-1, 0x0) fd_no=22 called

DEBUG:  [tcp_main.c:4131]: handle_tcpconn_ev(): sending to child, events 1

DEBUG:  [tcp_main.c:3813]: send2child(): selected tcp worker 2 13(13472) 
for activity on [tls::5061], 0x7ff243558420

DEBUG:  [tcp_read.c:1566]: handle_io(): received n=8 con=0x7ff243558420, 
fd=8

DEBUG: tls [tls_server.c:197]: tls_complete_init(): completing tls connection 
initialization

DEBUG: tls [tls_server.c:226]: tls_complete_init(): Using initial TLS domain 
TLSs (dom 0x7ff242d79b40 ctx 0x7ff2430cc448 sn [])



5.   I wonder if anyone has configured this with Skype for Business 2015 
lately? Any clue?


Cheers, Francisco.
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] fix_nated_contact and IPv6

[Kristijan Vrban]

fix_contact from NAT Traversal Module has the same issue.

2015-01-23 10:24 GMT+01:00 Sebastian Damm :

> Hi Daniel, Hi Klaus,
>
> On Thu, Jan 22, 2015 at 10:48 PM, Daniel-Constantin Mierla <
> mico...@gmail.com> wrote:
>
>> 1) I guess the initial author know there is no nat in ipv6, so he didn't
>> bother with. I just pushed a patch for it in master (814c08f3), if
>> tested and reported to work ok, it can be backported
>>
>
> Thanks for the patch, I just patched our 4.1.3 with it, and now the
> Contact IP is surrounded by square brackets. So I guess it can be
> backported.
>
>
>> 2) the contact uri example in the first email is perhaps not properly
>> reflecting the contact uri that was generated, because it should have
>> been with the ip address and the port. It seems to be only the ip
>> address. If there was an omission, that's ok, because I expect the uri
>> parsing error is due to hostpart having the port following the ipv6
>> address -- that requires the ipv6 between []. If the port was missing,
>> that can be another issue, but the code shows the port is always added
>> and it wouldn't worked at all so far without it.
>>
>
> Sorry, that was my mistake. The request came in from an odd port, so I
> removed it while adjusting the line for the mailing list. Of course, after
> fix_nated_contact the port is appended.
>
> 3) use set_contact_alias() if use modules that need the new contact
>> (like dialog, presence, ...) for later usage. The *contact_alias()
>> function don't change the host/port part, they just add a new parameter,
>> so it would have been safe with or without []. Anyhow, the code adds []
>> if the address is ipv6
>>
>
> I have had a look into these functions, and they seem a lot more
> appropriate (and do work with IPv6). Guess they haven't been there, when we
> originally built that part of our configuration back in 2007. I think we
> will use those functions now.
>
> Thanks for the quick help.
>
> Best Regards,
> Sebastian
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-us...@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] sanity passes invalid uri

[Juha Heinanen]

I noticed that K 5.0 sanity() test passes uri that contains ` (back quote)
character.

Config:

modparam("sanity", "default_checks", 1024) /* URI checks */
modparam("sanity", "uri_checks", 3)  /* RURI, From */

xlog("L_INFO", "Checking $ru\n");
if (!sanity_check())
xlog("L_INFO", "Check failed\n");
else
xlog("L_INFO", "Check passed\n");

Syslog:

Oct 27 17:17:38 lohi /usr/bin/sip-proxy[31946]: INFO: Checking sip:jh@te`st.fi
Oct 27 17:17:38 lohi /usr/bin/sip-proxy[31946]: INFO: Check passed

According to RFC3261:

hostname =  *( domainlabel "." ) toplabel [ "." ]
domainlabel  =  alphanum
/ alphanum *( alphanum / "-" ) alphanum

Is this a bug or am I missing something?

-- Juha

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Too Long Contact URI

[Soltanici Ilie]

Solved, this was because of contact_max_size from registrar module. Increase 
his value - solved the issue.
Thank You.

>Пятница, 27 октября 2017, 11:41 +01:00 от Soltanici Ilie :
>
>Hi All,
>
>I cannot Register some softphones because of too long Contact header when 
>using TCP protocol.
>
>Using UDP - everything works ok and this is how the Contact header looking:
>
>sip:xx...@xxx.xxx.xxx.xxx:64773;rinstance=6502234ef65ea6e7
>
>But, switching to the TCP i'm receiving the following warning:
>
>WARNING: registrar [sip_msg.c:194]: check_contacts(): contact uri is too 
>long:[sip:X@192.168.0.1:60471;rinstance=bf4d7aae0f099bf0;transport=tcp]
>
>How can i solve this issue?
>Thank You.

С уважением,
Ilie Soltanici
ili...@mail.ru
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Too Long Contact URI

[Soltanici Ilie]

Hi All,

I cannot Register some softphones because of too long Contact header when using 
TCP protocol.

Using UDP - everything works ok and this is how the Contact header looking:

sip:xx...@xxx.xxx.xxx.xxx:64773;rinstance=6502234ef65ea6e7

But, switching to the TCP i'm receiving the following warning:

WARNING: registrar [sip_msg.c:194]: check_contacts(): contact uri is too 
long:[sip:X@192.168.0.1:60471;rinstance=bf4d7aae0f099bf0;transport=tcp]

How can i solve this issue?
Thank You.___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] How to send OPTIONS message by kamailio server

[José Seabra]

Hi,
You can also generate SIP Options from UAC module.

https://www.kamailio.org/docs/modules/stable/modules/uac.html#uac.f.uac_req_send

Regards

2017-10-27 11:11 GMT+01:00 Vasiliy Ganchev :

> Hi!
>
> There is a new module:
> https://kamailio.org/docs/modules/devel/modules/keepalive.html
>
> give it a try - it looks like what you needed.
>
> cheers
>
>
>
> --
> Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>



-- 
Cumprimentos
José Seabra
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] How to send OPTIONS message by kamailio server

[Vasiliy Ganchev]

Hi!

There is a new module:
https://kamailio.org/docs/modules/devel/modules/keepalive.html

give it a try - it looks like what you needed.

cheers



--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Timer function didnot trigger the routing function

[Daniel-Constantin Mierla]

Hello,


On 27.10.17 08:14, RAJA SREE RATHNA gomathinayagam wrote:
> Hello Daniel,
>
> While going through the rtimer module we noticed that it execute the
> routing function repeatedly after the given interval of time. But our
> specification is to execute the routing function only once and timer
> should be enabled based on specific condition. Also there is no enable
> or disable option for rtimer module as in timer module, whether rtimer
> module can be enabled based on specific condition.If it is possible
> could you please suggest the solution.

the rtimer is indeed designed for repeated execution of routing blocks.
You can script ta way to enable disable execution of the route block by
having a condition on a shared memory variable, like:

route[RTIMER] {

  if($shv(rtimer)==1) return;
  ...
}

Whenever you set the $shv(rtimer) to 1, then practically the execution
of the route[RTIMER] ends without running your actions. The shv variable
can be set from any other part of the config and even via rpc command
from outside of kamailio.

On the other hand, you can just try to go with timer module if suits
better your needs. I just can't provide straightforward hints for it,
because I don't use it, but it should work.

Cheers,
Daniel

>
> Thanks & Regards,
> Rathna.
>
> On Oct 24, 2017 12:54 PM, "RAJA SREE RATHNA gomathinayagam"
> > wrote:
>
> Hi,
>    I tried using the timer function to call a function after
> specific time but it was not working as specified. Could you
> please help me with some example using timer to trigger a function.
>  
> I tried it using the description given in below link.
>  
> www.kamailio.org/docs/modules/devel/modules/timer.html
> 
>
>
> Thanks and regards,
> Rathna.
>

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
Kamailio World Conference - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio v5.0.4 Released

[Sergey Safarov]

RPM packages is recreated
Pull request is created #1285


чт, 26 окт. 2017 г. в 22:24, Sergey Safarov :

> Ok, i will update spec file on OBS.
> And create PR to refresh SPEC for 5.0 branch
>
> Sergey
>
> чт, 26 окт. 2017 г. в 22:22, Daniel-Constantin Mierla :
>
>> Hello Sergey,
>>
>> what I did was to upload the files from pkg/kamailio/obs of branch 5.0 to
>> OBS project. I thought that was what should be there, it felt like the
>> version in the OBS site was an old one. As I wanted to be sure rpms build
>> fine for release, I did it once I triggered the release. If it is not the
>> right version of the specs, then it can be changed, of course. I did have
>> to do some changes in the .spec file to use the service and other sysconfig
>> files from pkg/kamailio/obs, as the default spec rules were looking for
>> *osname*/*version* (like rhel/7), but these don't exist.
>>
>> Cheers,
>> Daniel
>>
>> On 26.10.17 13:06, Sergey Safarov wrote:
>>
>> Hello Daniel
>> I want package kamailio 5.0.4 to RPM, but i find that you do this.
>> Also i find that some OBS script is reverted back.
>>
>> Can I made changes on OBS?
>>
>> ср, 25 окт. 2017 г. в 17:00, Daniel-Constantin Mierla > >:
>>
>>> Hello,
>>>
>>> Kamailio SIP Server v5.0.4 stable release is out!
>>>
>>> This is a maintenance release of the latest stable branch, 5.0, that
>>> includes fixes since the release of v5.0.3. There is no change to
>>> database schema or configuration language structure that you have to do
>>> on previous installations of v5.0.x. Deployments running previous 5.0.x
>>> versions are strongly recommended to be upgraded to v5.0.4.
>>>
>>> For more details about version 5.0.4 (including links and guidelines to
>>> download the tarball or from GIT repository), visit:
>>>
>>>   * https://www.kamailio.org/w/2017/10/kamailio-v5-0-4-released/
>>>
>>> RPM, Debian/Ubuntu packages will be available soon as well.
>>>
>>> Many thanks to all contributing and using Kamailio!
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>>> --
>>> Daniel-Constantin Mierla
>>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>> --
>> Daniel-Constantin Mierlawww.twitter.com/miconda -- 
>> www.linkedin.com/in/miconda
>>
>>
>> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
>> Kamailio World Conference - www.kamailioworld.com
>>
>>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Set timeout before 180/183 reply arrived

[Yu Boot]

Thanks!


27.10.2017 9:53, Alex Balashov пишет:

On Fri, Oct 27, 2017 at 09:44:55AM +0300, Yu Boot wrote:


Have a problem with some uplinks. They sometimes respond "100 Trying" on
initial INVITE and... that's all. A caller waits for about 30 seconds and
cancel a call deciding there's something wrong with our network. How to use
failure route when 180/183 answers don't arrive in 5 or 10 seconds after
INVITE?

Use t_set_fr() to set a timeout of 5 sec or whatever, then reset it
(e.g. t_reset_fr()) to a more reasonable default in an onreply_route
when a 18x reply is received.




___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Set timeout before 180/183 reply arrived

[Alex Balashov]

On Fri, Oct 27, 2017 at 09:44:55AM +0300, Yu Boot wrote:

> Have a problem with some uplinks. They sometimes respond "100 Trying" on
> initial INVITE and... that's all. A caller waits for about 30 seconds and
> cancel a call deciding there's something wrong with our network. How to use
> failure route when 180/183 answers don't arrive in 5 or 10 seconds after
> INVITE?

Use t_set_fr() to set a timeout of 5 sec or whatever, then reset it
(e.g. t_reset_fr()) to a more reasonable default in an onreply_route
when a 18x reply is received.

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Timer function didnot trigger the routing function

[RAJA SREE RATHNA gomathinayagam]

Hello Daniel,

While going through the rtimer module we noticed that it execute the
routing function repeatedly after the given interval of time. But our
specification is to execute the routing function only once and timer should
be enabled based on specific condition. Also there is no enable or disable
option for rtimer module as in timer module, whether rtimer module can be
enabled based on specific condition.If it is possible could you please
suggest the solution.

Thanks & Regards,
Rathna.

On Oct 24, 2017 12:54 PM, "RAJA SREE RATHNA gomathinayagam" <
rajasreerat...@gmail.com> wrote:

> Hi,
>I tried using the timer function to call a function after specific time
> but it was not working as specified. Could you please help me with some
> example using timer to trigger a function.
>
> I tried it using the description given in below link.
>
> www.kamailio.org/docs/modules/devel/modules/timer.html
>
>
> Thanks and regards,
> Rathna.
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users