Re: [SR-Users] Disabling weak SSL Cypher suites

[Arik Halperin]

Federico, thanks

Did the changes in the file. It’s fixed.

Arik

> On 22 Dec 2019, at 19:28, Federico Cabiddu  wrote:
> 
> Hi Arik,
> I think that the problem is that you are using a configuration file for tls.
> In this case you have to specify there the parameters like ciphers, because 
> the module's ones will be ignored: 
> http://www.kamailio.org/docs/modules/5.3.x/modules/tls.html#tls.p.config 
> <http://www.kamailio.org/docs/modules/5.3.x/modules/tls.html#tls.p.config>.
> 
> Cheers,
> 
> Federico
> 
> On Sun, Dec 22, 2019 at 6:16 PM Arik Halperin  <mailto:arik.halpe...@s3code.com>> wrote:
> Federico, Thank you
> 
> I added these lines to my config:
> 
> #!ifdef WITH_TLS
> # - tls params -
> modparam("tls","config","/usr/local/etc/kamailio/tls.cfg")
> modparam("tls", "cipher_list", "HIGH")
> modparam("tls", "tls_method", "TLSv1.2+")
> #!endif
> 
> But it still doesn’t work.  
> 
> I ran this test, but it still says:
> 
> Cipher Suites
> # TLS 1.0 (suites in server-preferred order)
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK256
> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   WEAK   256
> TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK128
> TLS_RSA_WITH_SEED_CBC_SHA (0x96)   WEAK   128
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)   WEAK   128
> TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE 128
> TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE 128
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK
> 
> 
> I don’t know how to get rid of the insecure ones. 
> 
> Best Regards,
> Arik
> 
> 
>> On 10 Dec 2019, at 9:03, Federico Cabiddu > <mailto:federico.cabi...@gmail.com>> wrote:
>> 
>> Hi,
>> for enabling a specific set of ciphers have a look at tls module's 
>> cipher_list param: 
>> http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list
>>  
>> <http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list>.
>> For supporting specific versions of TLS look at tls_method param: 
>> http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method 
>> <http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method>.
>> 
>> Cheers,
>> 
>> Federico
>> 
>> On Tue, Dec 10, 2019 at 7:30 AM Arik Halperin > <mailto:arik.halpe...@s3code.com>> wrote:
>> Hello,
>> 
>> How can I disable:
>> 
>> 
>> TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE128
>> 
>> TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE128
>> 
>> What should I put in cypher_list in order to disable the above?
>> 
>> I would also like support TLS 1.2 and TLS 1.3, but remove support for 1.0 
>> and 1.1
>> 
>> Thanks,
>> Arik Halperin
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Disabling weak SSL Cypher suites

[Arik Halperin]

Federico, Thank you

I added these lines to my config:

#!ifdef WITH_TLS
# - tls params -
modparam("tls","config","/usr/local/etc/kamailio/tls.cfg")
modparam("tls", "cipher_list", "HIGH")
modparam("tls", "tls_method", "TLSv1.2+")
#!endif

But it still doesn’t work.  

I ran this test, but it still says:

Cipher Suites
# TLS 1.0 (suites in server-preferred order)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK  256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK  128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)   WEAK 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)   WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE   128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE   128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK


I don’t know how to get rid of the insecure ones. 

Best Regards,
Arik


> On 10 Dec 2019, at 9:03, Federico Cabiddu  wrote:
> 
> Hi,
> for enabling a specific set of ciphers have a look at tls module's 
> cipher_list param: 
> http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list 
> <http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list>.
> For supporting specific versions of TLS look at tls_method param: 
> http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method 
> <http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method>.
> 
> Cheers,
> 
> Federico
> 
> On Tue, Dec 10, 2019 at 7:30 AM Arik Halperin  <mailto:arik.halpe...@s3code.com>> wrote:
> Hello,
> 
> How can I disable:
> 
> 
> TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE128
> 
> TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE128
> 
> What should I put in cypher_list in order to disable the above?
> 
> I would also like support TLS 1.2 and TLS 1.3, but remove support for 1.0 and 
> 1.1
> 
> Thanks,
> Arik Halperin
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Disabling weak SSL Cypher suites

[Arik Halperin]

Hello,

How can I disable:


TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE128

TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE128

What should I put in cypher_list in order to disable the above?

I would also like support TLS 1.2 and TLS 1.3, but remove support for 1.0 and 
1.1

Thanks,
Arik Halperin___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Problem with TLS

[Arik Halperin]

Daniel Hello,

Pasted below, 200 OK  and Following ACK(Recorded at the client side via 
wireshark configured with private key)


BR,
Arik


Session Initiation Protocol (200)
Status-Line: SIP/2.0 200 OK
Message Header
Via: SIP/2.0/TLS 
192.168.2.2:48182;received=82.80.164.63;rport=33898;branch=z9hG4bKPjVppvYKQb4X5lJrYpod1wUN.j3KVLrEiT;alias
Record-Route: 

Record-Route: 

From: "number" 
mailto:17813000...@xx.com>>;tag=ZmXcXh6ReoLbMco46J0fCpKOHkUR1sWF
To: 
mailto:...@xx.com>>;tag=7t2StmvUeNpQD
Call-ID: yekcL-0b2PhpgdQo52l921tjX1Z8wErH
CSeq: 10885 INVITE
Contact: 
User-Agent: 
FreeSWITCH-mod_sofia/1.6.20+git~20180123T214909Z~987c9b9a2a~64bit
Accept: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, 
REGISTER, REFER, NOTIFY
Require: timer
Supported: timer, path, replaces
Allow-Events: talk, hold, conference, refer
Session-Expires: 1800;refresher=uac
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 1056
Remote-Party-ID: "111" 
;party=calling;privacy=off;screen=no
Message Body
Session Description Protocol
Session Description Protocol Version (v): 0
Owner/Creator, Session Id (o): FreeSWITCH 1528683321 1528683322 IN 
IP4 70.36.25.66
Session Name (s): FreeSWITCH
Connection Information (c): IN IP4 70.36.25.66
Time Description, active time (t): 0 0
Session Attribute (a): msid-semantic: WMS 
V60mDk4CUtzxt4H5xDQPB48KjzMcYE1K
Media Description, name and address (m): audio 37680 RTP/SAVP 107 96
Media Attribute (a): ice-ufrag:b6TC1SdbiQd6k5GL
Media Attribute (a): ice-pwd:NtGGa3jbPjvwRLASIklz2oAa
Media Attribute (a): candidate:5807878115 1 udp 659136 
10.168.10.200 38056 typ host generation 0
Media Attribute (a): candidate:5807878115 2 udp 659135 
10.168.10.200 38057 typ host generation 0
Media Attribute (a): ssrc:3542382753 cname:ASW42RxMaWauQHpe
Media Attribute (a): ssrc:3542382753 
msid:V60mDk4CUtzxt4H5xDQPB48KjzMcYE1K a0
Media Attribute (a): ssrc:3542382753 
mslabel:V60mDk4CUtzxt4H5xDQPB48KjzMcYE1K
Media Attribute (a): ssrc:3542382753 
label:V60mDk4CUtzxt4H5xDQPB48KjzMcYE1Ka0
Media Attribute (a): rtpmap:107 opus/48000/2
Media Attribute (a): rtpmap:96 telephone-event/8000
Media Attribute (a): fmtp:107 useinbandfec=1; minptime=10; 
maxptime=40
Media Attribute (a): fmtp:96 0-16
Media Attribute (a): sendrecv
Media Attribute (a): rtcp:37681
Media Attribute (a): crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:/KCNveJuRh5lQ+g3YWnyb2QwQhl0GgdmxtKAJ5G3
Media Attribute (a): ptime:20
Media Attribute (a): candidate:K6gXQsPK0KD4MsGa 1 UDP 2130706431 
70.36.25.66 37680 typ host
Media Attribute (a): candidate:K6gXQsPK0KD4MsGa 2 UDP 2130706430 
70.36.25.66 37681 typ host
Media Attribute (a): end-of-candidates




   1201 272.987349 192.168.2.2   70.36.25.65   SIP  695 
   Request: ACK sip:111@10.168.10.200:5080;transport=tls | 1201

Frame 1201: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on 
interface 0
Ethernet II, Src: Htc_50:62:7b (ac:37:43:50:62:7b), Dst: 9a:01:a7:d9:66:64 
(9a:01:a7:d9:66:64)
Internet Protocol Version 4, Src: 192.168.2.2, Dst: 70.36.25.65
Transmission Control Protocol, Src Port: 48182, Dst Port: 443, Seq: 8791, Ack: 
10303, Len: 629
Secure Sockets Layer
Session Initiation Protocol (ACK)
Request-Line: ACK sip:111@10.168.10.200:5080;transport=tls SIP/2.0
Message Header
Via: SIP/2.0/TLS 
192.168.2.2:48182;rport;branch=z9hG4bKPjFpv1IqHt9ON8nS6zOYuUZ5HxhNTDTBq7;alias
Max-Forwards: 70
From: "number" 
mailto:17813000...@.com>>;tag=ZmXcXh6ReoLbMco46J0fCpKOHkUR1sWF
To: 
sips:...@xxx.com<mailto:...@xxx.com>;tag=7t2StmvUeNpQD
Call-ID: yekcL-0b2PhpgdQo52l921tjX1Z8wErH
CSeq: 10885 ACK
Route: 

Route: 

Content-Length:  0


On 11 Jun 2018, at 13:32, Daniel-Constantin Mierla 
mailto:mico...@gmail.com>> wrote:


Hello,

can you paste here the 200OK for INVITE sent out by kamailio and the ACK 
received by kamailio?

Cheers,
Daniel

On 11.06.18 09:51, Arik Halperin wrote:
Daniel, Thank you!

You are right about this.

I configured PJSIP not to check whether the contact contains SIPS.

This solved the problem on one of my setups where I have one NIC that has a 
public IP.

However on the original setup, the kamailio has one public IP and one private 
IP. In that setup, the ACK to the 200 OK is not forwarded over the private IP 
to the freeswitch. This only happens in TLS, 

Re: [SR-Users] Problem with TLS

[Arik Halperin]

Daniel, Thank you!

You are right about this.

I configured PJSIP not to check whether the contact contains SIPS.

This solved the problem on one of my setups where I have one NIC that has a 
public IP.

However on the original setup, the kamailio has one public IP and one private 
IP. In that setup, the ACK to the 200 OK is not forwarded over the private IP 
to the freeswitch. This only happens in TLS, when I work with TCP it works 
well. I believe it is somehow connected to the record route, and I’m looking 
into PJSIP to try to find the answer, but is there anything I could do in the 
kamailio?

I have the same problems with other SIP clients(Bria for example)


Thanks,
Arik Halperin

On 11 Jun 2018, at 9:43, Daniel-Constantin Mierla 
mailto:mico...@gmail.com>> wrote:


Hello,

Kamailio is not involved in the issue reported here. Practically, pjsip expects 
sips: scheme in the contact URI, which was set by FreeSwitch in 200ok. Maybe 
there is an option that you have to turn on for FreeSwitch to use sips: scheme.

Otherwise, you can try to replace sip with sips in kamailio config and do the 
reverse the other way.

Cheers,
Daniel

On 05.06.18 06:56, Arik Halperin wrote:
Hello,

I’m using TLS

After receiving 200OK from kamailio:

r2voip.clear2voipdialer I/(NativeSdk_2_0) 1528174138320 PJSIP: (NativeSdk_2_0) 
1528174138320 PJSIP:2018-05 07:48:58.319   pjsua_core.c RX 2203 bytes Response 
msg 200/INVITE/cseq=8107 (rdata0x7a2c56fb38) from TLS 70.36.25.65:443:

   SIP/2.0 200 OK

   Via: SIP/2.0/TLS 
10.134.232.109:44097;received=109.253.173.146;rport=31373;branch=z9hG4bKPj4MV5llP9SW5ufk-OcFB-Qh78PmIQFrRk;alias

   Record-Route: 


   Record-Route: 


   From: "number" 
mailto:972523391...@kamprod.telemessage.com>>;tag=mgMLDFMLmCZGzcpASoODG8XgeFJVtcRO

   To: 
mailto:...@kamprod.telemessage.com>>;tag=64H63g861ajHj

   Call-ID: Sq4jR85o3Caz2XTXo-71FKAdbJ1x9vz2

   CSeq: 8107 INVITE

   Contact: 


   User-Agent: 
FreeSWITCH-mod_sofia/1.6.20+git~20180123T214909Z~987c9b9a2a~64bit

   Accept: application/sdp

   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, 
MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY

   Require: timer

   Supported: ti


PJSIP responds with:

Secure dialog requires SIPS scheme in Contact and Record-Route headers, ending 
the session

What is the reason for this? How can I fix this issue?

Thanks,
Arik Halperin



___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



--
Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com/>
www.twitter.com/miconda<http://www.twitter.com/miconda> -- 
www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>
Kamailio World Conference -- 
www.kamailioworld.com<http://www.kamailioworld.com/>

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Problem with TLS

[Arik Halperin]

Hello,

I’m using TLS

After receiving 200OK from kamailio:

r2voip.clear2voipdialer I/(NativeSdk_2_0) 1528174138320 PJSIP: (NativeSdk_2_0) 
1528174138320 PJSIP:2018-05 07:48:58.319   pjsua_core.c RX 2203 bytes Response 
msg 200/INVITE/cseq=8107 (rdata0x7a2c56fb38) from TLS 70.36.25.65:443:

   SIP/2.0 200 OK

   Via: SIP/2.0/TLS 
10.134.232.109:44097;received=109.253.173.146;rport=31373;branch=z9hG4bKPj4MV5llP9SW5ufk-OcFB-Qh78PmIQFrRk;alias

   Record-Route: 


   Record-Route: 


   From: "number" 
mailto:972523391...@kamprod.telemessage.com>>;tag=mgMLDFMLmCZGzcpASoODG8XgeFJVtcRO

   To: 
mailto:...@kamprod.telemessage.com>>;tag=64H63g861ajHj

   Call-ID: Sq4jR85o3Caz2XTXo-71FKAdbJ1x9vz2

   CSeq: 8107 INVITE

   Contact: 


   User-Agent: 
FreeSWITCH-mod_sofia/1.6.20+git~20180123T214909Z~987c9b9a2a~64bit

   Accept: application/sdp

   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, 
MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY

   Require: timer

   Supported: ti


PJSIP responds with:

Secure dialog requires SIPS scheme in Contact and Record-Route headers, ending 
the session

What is the reason for this? How can I fix this issue?

Thanks,
Arik Halperin
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Working with users using external server

[Arik Halperin]

Hello,

I have a project for which I need to get user data(username and password) from 
an external server with REST APIs.

What is the best way to achieve this?

Thanks,
Arik Halperin

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Re: Audio stops after resuming call from hold

[Arik Halperin]

I had a similar issue with RTP engine. When I got hold and called 
rtpengine_manage it had errors.

 I’m using rtpengine_manage, so doing something like this:

 if(!is_present_hf("x-purpose")) {
if(nat_uac_test("8")) {
xlog("L_ERR","NATMANAGE DBG test 8\n");

if(ds_is_from_list()){
rtpengine_manage("replace-session-connection 
replace-origin direction=priv direction=pub");
} else {
rtpengine_manage("replace-session-connection 
replace-origin direction=pub direction=priv");
}
} else {
if(ds_is_from_list()) {
rtpengine_manage("replace-session-connection 
replace-origin trust-address direction=priv direction=pub");
} else {
rtpengine_manage("replace-session-connection 
replace-origin trust-address direction=pub direction=priv");
}
}
}

The x-purpose is a header I added in my sip client whenever I do hold.

I hope that helps.

Best Regards,
Arik 


> On 23 Mar 2018, at 16:50, gerry kernan  wrote:
> 
> I’ve been testing with jitsi softphone from a different location( customer 
> was using Zoiper which fails every time) and hold/unhold works every time, 
> mightn’t  be a Kamailio or rtpengine issue. I’ll do further tests to see if 
> it local firewall/network
>  
>  
>  
> Best Regards
>  
> Gerry Kernan
>  
> From: sr-users [mailto:sr-users-boun...@lists.kamailio.org] On Behalf Of 
> Sergiu Pojoga
> Sent: 23 March 2018 12:50
> To: Kamailio (SER) - Users Mailing List 
> Subject: Re: [SR-Users]  Re: Audio stops after resuming call from 
> hold
>  
> Config code looks solid to me. Look at the 'c=' in SDP in the forward and 
> reply re-INVITEs. If it gets properly overwritten (same way as it is for the 
> dialog forming INVITE) when rtpengine is engaged, then I believe we are 
> facing some kind of bug in the 4.2 version of Kamailio, something about this 
> thread: 
> https://lists.kamailio.org/pipermail/sr-users/2012-September/074567.html 
> 
>  
> I can't upgrade Kamailio at the moment to test my theory as it's a production 
> environment, but may be you can?
>  
> On Fri, Mar 23, 2018 at 6:17 AM, gerry kernan  > wrote:
>> Hi 
>>  
>> I think my issue is related to rtpengine when the call is take off hold. Im 
>> using a private address and a public address . below is route section of our 
>> Kamailio.cfg and do I have somethimg setup incorrectly for handleing 
>> re-invites?
>>  
>>  
>> /usr/sbin/rtpengine --pidfile /var/run/rtpengine.pid --table=-1 
>> --interface=priv/192.X.X.X --interface=pub/212.X.X.X 
>> --listen-ng=127.0.0.1:7722  --tos=184 --timeout=60 
>> --log-level=7 --log-facility=local5 --homer-protocol=udp --homer-id=2011
>>  
>>  
>> request_route {
>>  
>> route(SANITY);
>>  
>> force_rport();
>>  
>> # CANCEL processing
>> if (is_method("CANCEL")) {
>> if (t_check_trans()) {
>> route(RELAY);
>> }
>> exit;
>> }
>>  
>> # handle retransmissions
>> if (!is_method("ACK")) {
>> if(t_precheck_trans()) {
>> t_check_trans();
>> exit;
>> }
>> t_check_trans();
>> }
>>  
>> # handle requests within SIP dialogs
>> route(WITHINDLG);
>>  
>> ### only initial requests (no To tag)
>>  
>> # record routing for dialog forming requests (in case they are 
>> routed)
>> if (is_method("INVITE|SUBSCRIBE")) {
>> record_route();
>> }
>>  
>> if (af==INET) {
>> route(SIPIPV4);
>> } else {
>> route(SIPIPV6);
>> }
>> }
>>  
>> # Stateful fowarding
>> route[RELAY] {
>> if (!t_relay()) {
>> sl_reply_error();
>> }
>> exit;
>> }
>>  
>> # Handle requests within SIP dialogs
>> route[WITHINDLG] {
>> if (!has_totag()) return;
>>  
>> # sequential request withing a dialog should
>> # take the path determined by record-routing
>> if (loose_route()) {
>> route(DLGURI);
>> if ( is_method("ACK") ) {
>> # ACK is forwarded statelessly
>> if (has_body("application/sdp")) {
>> rtpengine_answer();
>> }
>> } else if ( is_method("NOTIFY") ) {
>> # Add Record-Route for in-dialog NOTIFY as per 

Re: [SR-Users] Problem with resuming suspended transacation

[Arik Halperin]

I had a bug, I was resuming the wrong transaction indeed. I created a new 
transaction for the purpose of http async in a different route and this was 
causing the issue.

Actually managed to solve it after I posted this question.


> On 13 Apr 2018, at 9:55, Kjeld Flarup <kjeld.fla...@liberalismen.dk> wrote:
> 
> You are suspending in [6039] and resuming in [6092], does these two processes 
> share memory?
> 
>   Kjeld
> 
> 2018-04-12 11:52 GMT+02:00 Arik Halperin <a...@mobilinq.io 
> <mailto:a...@mobilinq.io>>:
> Hello,
> 
>  
> 
> I’m trying to resume a suspended transaction, but keep getting this error:
> 
>  
> 
> WARNING: tm [t_suspend.c:193]: t_continue(): transaction is not suspended 
> [20608:1256194941]
> 
> WARNING: tmx [tmx_mod.c:686]: w_t_continue(): resuming the processing of 
> transaction [20608:1256194941] failed
> 
> WARNING: tm [t_lookup.c:1483]: t_unref(): script writer didn't release 
> transaction
> 
>  
> 
>  
> 
> I’m implementing push handling, in INVITE I do the following:
> 
>  
> 
> route[INVITE] {
> 
>   if (!lookup("location"))
> 
>   {
> 
>  
> 
>send_reply("100", "Trying");
> 
> record_route();
> 
> route(SUSPEND);
> 
>   }
> 
>   else
> 
>   {
> 
>  # NAT detection
> 
>  route(NATMANAGE);
> 
>  if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
> 
> record_route();
> 
>  t_relay();
> 
>  ts_store();
> 
>  $sht(vtp=>stored::$rU) = 1;
> 
> }
> 
> route(SENDPUSH);
> 
> }
> 
>  
> 
> # suspend the transaction
> 
> route[SUSPEND] {
> 
>  
> 
> if(!t_suspend()) //Transaction is suspended!
> 
> {
> 
>   exit;
> 
> }
> 
> $sht(vtp=>join::$rU) = "" + $T(id_index) + ":" +$T(id_label);
> 
> }
> 
>  
> 
> In Register I call the PUSHJOIN route:
> 
>  
> 
> # append branches or resume the transaction
> 
> route[PUSHJOIN] {
> 
> $var(hjoin) = 0;
> 
> lock("$tU");
> 
> $var(hjoin) = $sht(vtp=>join::$tU);
> 
> $var(hstored) = $sht(vtp=>stored::$tU);
> 
> $sht(vtp=>join::$tU) = $null;
> 
> unlock("$tU");
> 
> if ($var(hjoin)==0)
> 
> {
> 
> if ($var(hstored))
> 
> ts_append("location", "$tu");
> 
> return;
> 
> }
> 
> $var(id_index) = $(var(hjoin){s.select,0,:}{s.int <http://s.int/>});
> 
> $var(id_label) = $(var(hjoin){s.select,1,:}{s.int <http://s.int/>});
> 
> ($var(hjoin))\n");
> 
>  t_continue("$var(id_index)", "$var(id_label)", "INVRESUME");
> 
> }
> 
>  
> 
>  
> 
> For some reason I keep getting:
> 
>  
> 
> Apr 12 12:37:11 kamprod /usr/local/sbin/kamailio[6039]: ERROR: 

Re: [SR-Users] Kamailio with 2 Public and Private IPs- SIP Call flow issues

[Arik Halperin]

Thanks, Issue is solved with double rr

Arik

> On 16 Apr 2018, at 12:13, Federico Cabiddu <federico.cabi...@gmail.com> wrote:
> 
> Hi,
> your INVITE contains a single Record-Route, with Kamailio's Public IP 
> address. Freewitch in the following in0dialog messages, as the BYE is, will 
> have nowhere else to send them than the public IP.
> If you want FS to send in-dialog messages to the private IP you have to have 
> two Record-Route headers:
> http://www.kamailio.org/docs/modules/devel/modules/rr.html#rr.p.enable_double_rr
>  
> <http://www.kamailio.org/docs/modules/devel/modules/rr.html#rr.p.enable_double_rr>
> 
> Best regards,
> 
> Federico
> 
> On Mon, Apr 16, 2018 at 11:05 AM, arik halperin <arik.halpe...@s3code.com 
> <mailto:arik.halpe...@s3code.com>> wrote:
> Hello,
> 
>  
> 
> I have the following setup:
> 
>  
> 
> Kamailio:
> 
>   Public Interface 70.36.25.65
> 
>   Private Interface 10.168.10.227
> 
>  
> 
> Freeswitch:
> 
>Private Interface 10.168.10.200
> 
>  
> 
> I’m routing calls from kamailio to freeswitch, but when I try to hang up the 
> call the freeswitch sends the BYE to the public address(70.36.25.65) and not 
> to the private address 10.168.10.227. 200OK and ACK work correctly. It’s only 
> the BYE that has an issue.
> 
>  
> 
>  
> 
> Showing INVITES:
> 
>  
> 
> Client Invite:
> 
>  
> 
> T 82.80.164.63:53871 <http://82.80.164.63:53871/> -> 70.36.25.65:5099 
> <http://70.36.25.65:5099/> [AP]
> 
> INVITE sip:+972549428460@70.36.25.65:5099 
> <http://sip:+972549428460@70.36.25.65:5099/> SIP/2.0.
> 
> Via: SIP/2.0/TCP 
> 10.0.0.42:51619;branch=z9hG4bK-524287-1---52dcc73ec891de14;rport.
> 
> Max-Forwards: 70.
> 
> Contact: <sip:972545234585@82.80.164. 
> <mailto:sip%3A972545234585@82.80.164.>63:51620;rinstance=1f9d21b54116df89;transport=tcp>.
> 
> To: <sip:+972549428460@70.36.25.65:5099 
> <http://sip:+972549428460@70.36.25.65:5099/>>.
> 
> From: "972545234585"<sip:972545234585@70.36.25.65:5099 
> <http://sip:972545234585@70.36.25.65:5099/>>;tag=902c5325.
> 
>  
> 
> Kamailio to FS:
> 
>  
> 
> T 10.168.10.227:46506 <http://10.168.10.227:46506/> -> 10.168.10.200:5080 
> <http://10.168.10.200:5080/> [AP]
> 
> INVITE sip:+972549428460@70.36.25.65:5099 
> <http://sip:+972549428460@70.36.25.65:5099/> SIP/2.0.
> 
> Record-Route:  <http://70.36.25.65:5099/>;transport=tcp;lr=on;ftag=902c5325;nat=yes>.
> 
> Via: SIP/2.0/TCP 
> 70.36.25.65:5099;branch=z9hG4bK1117.1b91cfe0632bd6f036b308f85898e862.1;i=1.
> 
> Via: SIP/2.0/TCP 
> 10.0.0.42:51619;received=82.80.164.63;branch=z9hG4bK-524287-1---9b6758521ff0f528;rport=53871.
> 
> Max-Forwards: 69.
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> 
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



smime.p7s
Description: S/MIME cryptographic signature
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Kamailio with 2 Public and Private IPs- SIP Call flow issues

[arik halperin]

Hello,

 

I have the following setup:

 

 Kamailio:

  Public Interface 70.36.25.65

  Private Interface 10.168.10.227

 

Freeswitch:

   Private Interface 10.168.10.200

 

I’m routing calls from kamailio to freeswitch, but when I try to hang up the 
call the freeswitch sends the BYE to the public address(70.36.25.65) and not to 
the private address 10.168.10.227. 200OK and ACK work correctly. It’s only the 
BYE that has an issue.

 

 

Showing INVITES:

 

Client Invite:

 

T 82.80.164.63:53871 -> 70.36.25.65:5099 [AP]

INVITE sip:+972549428460@70.36.25.65:5099 SIP/2.0.

Via: SIP/2.0/TCP 
10.0.0.42:51619;branch=z9hG4bK-524287-1---52dcc73ec891de14;rport.

Max-Forwards: 70.

Contact: 
.

To: .

From: "972545234585";tag=902c5325.

 

Kamailio to FS:

 

T 10.168.10.227:46506 -> 10.168.10.200:5080 [AP]

INVITE sip:+972549428460@70.36.25.65:5099 SIP/2.0.

Record-Route: .

Via: SIP/2.0/TCP 
70.36.25.65:5099;branch=z9hG4bK1117.1b91cfe0632bd6f036b308f85898e862.1;i=1.

Via: SIP/2.0/TCP 
10.0.0.42:51619;received=82.80.164.63;branch=z9hG4bK-524287-1---9b6758521ff0f528;rport=53871.

Max-Forwards: 69.

 

 

 

 

 

 

 

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Problem with resuming suspended transacation

[Arik Halperin]

Hello,

I’m trying to resume a suspended transaction, but keep getting this error:

WARNING: tm [t_suspend.c:193]: t_continue(): transaction is not suspended 
[20608:1256194941]
WARNING: tmx [tmx_mod.c:686]: w_t_continue(): resuming the processing of 
transaction [20608:1256194941] failed
WARNING: tm [t_lookup.c:1483]: t_unref(): script writer didn't release 
transaction


I’m implementing push handling, in INVITE I do the following:

route[INVITE] {
  if (!lookup("location"))
  {

   send_reply("100", "Trying");
record_route();
route(SUSPEND);
  }
  else
  {
 # NAT detection
 route(NATMANAGE);
 if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
record_route();
 t_relay();
 ts_store();
 $sht(vtp=>stored::$rU) = 1;
}
route(SENDPUSH);
}

# suspend the transaction
route[SUSPEND] {

if(!t_suspend()) //Transaction is suspended!
{
  exit;
}
$sht(vtp=>join::$rU) = "" + $T(id_index) + ":" +$T(id_label);
}

In Register I call the PUSHJOIN route:

# append branches or resume the transaction
route[PUSHJOIN] {
$var(hjoin) = 0;
lock("$tU");
$var(hjoin) = $sht(vtp=>join::$tU);
$var(hstored) = $sht(vtp=>stored::$tU);
$sht(vtp=>join::$tU) = $null;
unlock("$tU");
if ($var(hjoin)==0)
{
if ($var(hstored))
ts_append("location", "$tu");
return;
}
$var(id_index) = $(var(hjoin){s.select,0,:}{s.int});
$var(id_label) = $(var(hjoin){s.select,1,:}{s.int});
($var(hjoin))\n");
 t_continue("$var(id_index)", "$var(id_label)", "INVRESUME");
}


For some reason I keep getting:

Apr 12 12:37:11 kamprod /usr/local/sbin/kamailio[6039]: ERROR: 

Re: [SR-Users] Problem capturing packets from kamailio to homer sip-capture

[Arik Halperin]

Thank you. That was it. I can now capture packets from kamailio.

Arik




> On 5 Apr 2018, at 9:25, David Villasmil <david.villasmil.w...@gmail.com> 
> wrote:
> 
> yep, you only enabled tcp to listen, but trying to send on udp, you need to 
> also enabled udp 
> ᐧ
> 
> Regards,
> 
> David Villasmil
> email: david.villasmil.w...@gmail.com <mailto:david.villasmil.w...@gmail.com>
> phone: +34669448337
> 
> On Thu, Apr 5, 2018 at 8:16 AM, Federico Cabiddu <federico.cabi...@gmail.com 
> <mailto:federico.cabi...@gmail.com>> wrote:
> Hi,
> is your kamailio listening at list on one udp socket? Siptrace module uses 
> kamailio's listening socket to send out hep messages.
> 
> Regards,
> 
> Federico
> 
> 
> On Thu, 5 Apr 2018 08:09 Arik Halperin, <a...@mobilinq.io 
> <mailto:a...@mobilinq.io>> wrote:
> Hello,
> 
>  
> 
> My kamailio is listening to TCP, so when I try to duplicate packets to homer,
> 
> It tries to send them as TCP. From the log I see:
> 
>  
> 
> Apr  5 08:21:45 kamprod /usr/local/sbin/kamailio[16309]: ERROR:  
> [core/forward.c:181]: get_out_socket(): no socket found
> 
> Apr  5 08:21:45 kamprod /usr/local/sbin/kamailio[16309]: ERROR:  
> [core/forward.c:183]: get_out_socket(): no corresponding socket found 
> for(udp:10.168.10.229:5090 <http://10.168.10.229:5090/>)
> 
> Apr  5 08:21:45 kamprod /usr/local/sbin/kamailio[16309]: ERROR: siptrace 
> [siptrace.c:1940]: trace_send_hep2_duplicate(): can't forward to af 2, proto 
> 1 no correspondi
> 
>  
> 
> Which is rather strange to me, because the protocol is defined to be UDP for 
> HEP:
> 
>  
> 
> corresponding socket found for(udp:10.168.10.229:5090 
> <http://10.168.10.229:5090/>)
> 
>  
> 
> How can I fix this?
> 
>  
> 
> Thanks,
> 
> Arik
> 
>  
> 
>  
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> 
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



smime.p7s
Description: S/MIME cryptographic signature
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Problem capturing packets from kamailio to homer sip-capture

[Arik Halperin]

Hello,

My kamailio is listening to TCP, so when I try to duplicate packets to homer,
It tries to send them as TCP. From the log I see:

Apr  5 08:21:45 kamprod /usr/local/sbin/kamailio[16309]: ERROR:  
[core/forward.c:181]: get_out_socket(): no socket found
Apr  5 08:21:45 kamprod /usr/local/sbin/kamailio[16309]: ERROR:  
[core/forward.c:183]: get_out_socket(): no corresponding socket found 
for(udp:10.168.10.229:5090)
Apr  5 08:21:45 kamprod /usr/local/sbin/kamailio[16309]: ERROR: siptrace 
[siptrace.c:1940]: trace_send_hep2_duplicate(): can't forward to af 2, proto 1 
no correspondi

Which is rather strange to me, because the protocol is defined to be UDP for 
HEP:

corresponding socket found for(udp:10.168.10.229:5090)

How can I fix this?

Thanks,
Arik


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Problems with dispatcher reload

[arik halperin]

Thank you!

 

Indeed I had a problem with my config.

 

Arik

 

From: Daniel-Constantin Mierla <mico...@gmail.com>
Reply-To: <mico...@gmail.com>
Date: Wednesday, 21 March 2018 at 16:30
To: arik halperin <arik.halpe...@s3code.com>, "Kamailio (SER) - Users Mailing 
List" <sr-users@lists.kamailio.org>, <paulo.ferre...@fccn.pt>
Subject: Re: [SR-Users] Problems with dispatcher reload

 

 

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Problems with dispatcher reload

[arik halperin]

Dispatcher reload is indeed not in the list below.

 

 

kamctl srv rpclist

list server rpc commands

{

  "jsonrpc":  "2.0",

  "result": [

    "cfg.add_group_inst",

    "cfg.commit",

    "cfg.del",

    "cfg.del_delayed",

    "cfg.del_group_inst",

    "cfg.diff",

    "cfg.get",

    "cfg.help",

    "cfg.list",

    "cfg.reset",

    "cfg.rollback",

    "cfg.set",

    "cfg.set_delayed",

    "cfg.set_delayed_int",

    "cfg.set_delayed_string",

    "cfg.set_now_int",

    "cfg.set_now_string",

    "cfg.seti",

    "cfg.sets",

    "cnt.get",

    "cnt.get_raw",

    "cnt.get_vars",

    "cnt.grp_get_all",

    "cnt.grps_list",

    "cnt.help",

    "cnt.list_groups",

    "cnt.list_vars",

    "cnt.reset",

    "cnt.var_list",

    "core.aliases_list",

    "core.arg",

    "core.echo",

    "core.flags",

    "core.info",

    "core.kill",

    "core.modules",

    "core.ppdefines",

    "core.printi",

    "core.prints",

    "core.ps",

    "core.psx",

    "core.pwd",

    "core.shmmem",

    "core.sockets_list",

    "core.tcp_info",

    "core.tcp_list",

    "core.tcp_options",

    "core.udp4_raw_info",

    "core.uptime",

    "core.version",

    "corex.debug",

    "corex.list_aliases",

    "corex.list_sockets",

    "corex.pkg_summary",

    "corex.shm_status",

    "corex.shm_summary",

    "ctl.connections",

    "ctl.listen",

    "ctl.who",

    "dns.add_a",

    "dns.add_",

    "dns.add_srv",

    "dns.debug",

    "dns.debug_all",

    "dns.delete_a",

    "dns.delete_",

    "dns.delete_all",

    "dns.delete_all_force",

    "dns.delete_cname",

    "dns.delete_ebl",

    "dns.delete_naptr",

    "dns.delete_ptr",

    "dns.delete_srv",

    "dns.delete_txt",

    "dns.lookup",

    "dns.mem_info",

    "dns.view",

    "dst_blacklist.add",

    "dst_blacklist.debug",

    "dst_blacklist.delete_all",

    "dst_blacklist.mem_info",

    "dst_blacklist.view",

    "jsonrpc.echo",

    "mod.stats",

    "pkg.stats",

    "pv.shvGet",

    "pv.shvSet",

    "sl.stats",

    "stats.clear_statistics",

    "stats.fetch",

    "stats.get_statistics",

    "stats.reset_statistics",

    "system.listMethods",

    "system.methodHelp",

    "system.methodSignature",

    "tm.cancel",

    "tm.clean",

    "tm.hash_stats",

    "tm.list",

    "tm.reply",

    "tm.reply_callid",

    "tm.stats",

    "tm.t_uac_start",

    "tm.t_uac_wait",

    "ul.add",

    "ul.db_contacts",

    "ul.db_expired_contacts",

    "ul.db_users",

    "ul.dump",

    "ul.flush",

    "ul.lookup",

    "ul.rm",

    "ul.rm_contact"

  ],

  "id": 31371

}

 

From: Daniel-Constantin Mierla <mico...@gmail.com>
Reply-To: <mico...@gmail.com>
Date: Wednesday, 21 March 2018 at 16:02
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>, arik 
halperin <arik.halpe...@s3code.com>, <paulo.ferre...@fccn.pt>
Subject: Re: [SR-Users] Problems with dispatcher reload

 

Hello,

can you give the output for next command?

kamctl srv rpclist

Cheers,
Daniel

On 21.03.18 14:57, arik halperin wrote:

Yes, I did, same result.

 

kamctl rpc dispatcher.reload

{

  "jsonrpc":  "2.0",

  "error":  {

"code": 500,

"message":  "Method Not Found"

  },

  "id": 31340

}

 

From: sr-users <sr-users-boun...@lists.kamailio.org> on behalf of Paulo 
Ferreira <paulo.ferre...@fccn.pt>
Organization: FCCN
Reply-To: <paulo.ferre...@fccn.pt>, "Kamailio (SER) - Users Mailing List" 
<sr-users@lists.kamailio.org>
Date: Wednesday, 21 March 2018 at 15:09
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] Problems with dispatcher reload

 

kamctl rpc dispatcher.reload




___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Problems with dispatcher reload

[arik halperin]

Yes, I did, same result.

 

kamctl rpc dispatcher.reload

{

  "jsonrpc":  "2.0",

  "error":  {

    "code": 500,

    "message":  "Method Not Found"

  },

  "id": 31340

}

 

From: sr-users  on behalf of Paulo 
Ferreira 
Organization: FCCN
Reply-To: , "Kamailio (SER) - Users Mailing List" 

Date: Wednesday, 21 March 2018 at 15:09
To: "Kamailio (SER) - Users Mailing List" 
Subject: Re: [SR-Users] Problems with dispatcher reload

 

kamctl rpc dispatcher.reload

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Problems with dispatcher reload

[Arik Halperin]

Hello,
I’ve installed kamailio 5.1 but when I run:

kamctl dispatcher reload

I get:

{
  "jsonrpc":  "2.0",
  "error":  {
"code": 500,
"message":  "Method Not Found"
  },
  "id": 31222
}

How do I fix this?

Thanks,
Arik Halperin
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users