Re: [SR-Users] TLS and TCP port question

2020-01-24 Thread Cyrille Demaret 
Sorry, forget my message, I was having an error in my config…

 

 

De : sr-users  De la part de Cyrille
Demaret
Envoyé : vendredi 24 janvier 2020 15:44
À : 'Kamailio (SER) - Users Mailing List' 
Objet : [SR-Users] TLS and TCP port question

 

Hi,

 

I’m trying to implement kamailio as a Teams SBC as described here :
<https://skalatan.de/en/blog/kamailio-sbc-teams>
https://skalatan.de/en/blog/kamailio-sbc-teams (thanks to the author, I
think he’s here)

 

I’m using Kamailio 5.2.1 and I still have a problem to have the SBC active
on the Microsoft side. I’m correctly receiving the OPTIONS packet from
Microsoft but I have some doubt on my OK reply.

 

Here’s the dialog captured in sngrep using the siptrace module :

 



 

The OPTIONS packet I receive from Microsoft contains a Contact header with a
different port as the original packet. So, Kamailio send the 200 OK back to
this port.

 

However, when I capture packets using tcpdump, I can see that there’s no
connection to 52.114.76.76:5061 :

 

15:01:35.466926 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 1, win
2053, length 0

15:01:35.467383 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [P.], seq 1:189,
ack 1, win 2053, length 188

15:01:35.467423 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [.], ack 189,
win 237, length 0

15:01:35.478535 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [.], seq 1:2881,
ack 189, win 237, length 2880

15:01:35.478771 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [P.], seq
2881:3017, ack 189, win 237, length 136

15:01:35.498028 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 2881,
win 2053, length 0

15:01:35.551569 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 3017,
win 2052, length 0

15:01:35.765965 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [P.], seq
189:282, ack 3017, win 2052, length 93

15:01:35.767719 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [P.], seq
3017:3259, ack 282, win 237, length 242

15:01:35.800634 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [P.], seq
282:825, ack 3259, win 2051, length 543

15:01:35.802362 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [P.], seq
3259:3656, ack 825, win 245, length 397

15:01:35.863823 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 3656,
win 2050, length 0

 

If I check the Kamailio log file :

 

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) exec: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} *** cfgtrace:request_route=[REQINIT]
c=[/etc/kamailio/kamailio.cfg] l=613 a=26 n=sl_send_reply

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/msg_translator.c:162]:
check_via_address(): (52.114.76.76, 52.114.76.76, 0)

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} sl [sl_funcs.c:500]:
sl_run_callbacks(): execute callback for event type 1

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} sl [sl_funcs.c:500]:
sl_run_callbacks(): execute callback for event type 1

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace.c:1364]:
trace_sl_onreply_out(): trace off...

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2225]:
tcpconn_send_put(): send from reader (17837 (25)), reusing fd

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2460]:
tcpconn_do_send(): sending...

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2494]:
tcpconn_do_send(): after real write: c= 0x7f81740edb30 n=397 fd=8

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2495]:
tcpconn_do_send(): buf=

Jan 24 15:01:35 mysbc kamailio[17788]:
#027#003#003#001...M...t.[.._..gu..-3.8D#027#022..J.>..a..H.AË..
..)om.Oh.O.1.A..'.Fa...c.9..M}...#004O..#004

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace_hep.c:498]:
pipport2su(): the port string is 5061

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace_hep.c:498]:
pipport2su(): the port string is 5061

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/proxy.c:264]: mk_proxy():
doing DNS lookup...

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace_hep.c:302]:
trace_send_hep2_duplicate(): setting up the socket_info

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) exec: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} *** cfgtrace:request_route=[REQINIT]
c=[/etc

[SR-Users] TLS and TCP port question

2020-01-24 Thread Cyrille Demaret 
Hi,

 

I’m trying to implement kamailio as a Teams SBC as described here :

https://skalatan.de/en/blog/kamailio-sbc-teams (thanks to the author, I
think he’s here)

 

I’m using Kamailio 5.2.1 and I still have a problem to have the SBC active
on the Microsoft side. I’m correctly receiving the OPTIONS packet from
Microsoft but I have some doubt on my OK reply.

 

Here’s the dialog captured in sngrep using the siptrace module :

 



 

The OPTIONS packet I receive from Microsoft contains a Contact header with a
different port as the original packet. So, Kamailio send the 200 OK back to
this port.

 

However, when I capture packets using tcpdump, I can see that there’s no
connection to 52.114.76.76:5061 :

 

15:01:35.466926 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 1, win
2053, length 0

15:01:35.467383 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [P.], seq 1:189,
ack 1, win 2053, length 188

15:01:35.467423 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [.], ack 189,
win 237, length 0

15:01:35.478535 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [.], seq 1:2881,
ack 189, win 237, length 2880

15:01:35.478771 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [P.], seq
2881:3017, ack 189, win 237, length 136

15:01:35.498028 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 2881,
win 2053, length 0

15:01:35.551569 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 3017,
win 2052, length 0

15:01:35.765965 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [P.], seq
189:282, ack 3017, win 2052, length 93

15:01:35.767719 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [P.], seq
3017:3259, ack 282, win 237, length 242

15:01:35.800634 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [P.], seq
282:825, ack 3259, win 2051, length 543

15:01:35.802362 IP MY_IP.sip-tls > 52.114.76.76.3008: Flags [P.], seq
3259:3656, ack 825, win 245, length 397

15:01:35.863823 IP 52.114.76.76.3008 > MY_IP.sip-tls: Flags [.], ack 3656,
win 2050, length 0

 

If I check the Kamailio log file :

 

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) exec: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} *** cfgtrace:request_route=[REQINIT]
c=[/etc/kamailio/kamailio.cfg] l=613 a=26 n=sl_send_reply

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/msg_translator.c:162]:
check_via_address(): (52.114.76.76, 52.114.76.76, 0)

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} sl [sl_funcs.c:500]:
sl_run_callbacks(): execute callback for event type 1

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} sl [sl_funcs.c:500]:
sl_run_callbacks(): execute callback for event type 1

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace.c:1364]:
trace_sl_onreply_out(): trace off...

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2225]:
tcpconn_send_put(): send from reader (17837 (25)), reusing fd

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2460]:
tcpconn_do_send(): sending...

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2494]:
tcpconn_do_send(): after real write: c= 0x7f81740edb30 n=397 fd=8

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/tcp_main.c:2495]:
tcpconn_do_send(): buf=

Jan 24 15:01:35 mysbc kamailio[17788]:
#027#003#003#001...M...t.[.._..gu..-3.8D#027#022..J.>..a..H.AË..
..)om.Oh.O.1.A..'.Fa...c.9..M}...#004O..#004

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace_hep.c:498]:
pipport2su(): the port string is 5061

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace_hep.c:498]:
pipport2su(): the port string is 5061

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/proxy.c:264]: mk_proxy():
doing DNS lookup...

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} siptrace [siptrace_hep.c:302]:
trace_send_hep2_duplicate(): setting up the socket_info

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) exec: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c} *** cfgtrace:request_route=[REQINIT]
c=[/etc/kamailio/kamailio.cfg] l=614 a=2 n=exit

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS
fcde6307-1d3b-42fd-91bd-4547744fa00c}  [core/receive.c:353]:
receive_msg(): request-route executed in: 1018 usec

Jan 24 15:01:35 mysbc kamailio[17788]: 25(17837) DEBUG: {1 1 OPTIONS

Re: [SR-Users] TLS to TCP

2017-05-12 Thread David Villasmil 
Hello,

Thanks for the replies guys!

Juha was right, it's the client... funny thing, though:

When calling:

Client->kamailio->asterisk->gw   This works fine...

But when calling:

Client->kamilio->freeswitch->gwThis does NOT work...

I'm thinking maybe there's some topology hiding somewhere, so that the
client doesn't realizes the siganlling is being downgraded...


Any ideas? (I will take a look at the other kam's config)

David

ᐧ

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337

On Fri, May 12, 2017 at 6:48 PM, Colin Morelli 
wrote:

> Kamailio could be ending the call, though it may also be one of the
> endpoints.
>
> Anyway, if your clients are dialing sips: URIs, then it is required that
> the signaling be TLS end-to-end. If you are trying to translate TLS to TCP,
> you should use sip:u...@domain.com;transport=tls. This should enforce TLS
> from the client -> proxy, but allow the proxy to use its preferred
> transport.
>
> The reason the call wouldn't end until it's established is because it's
> not until this time that the any party receives a list of Record-Route
> headers. If using sips: and a record-route comes back that indicates that a
> hop did not use TLS, the call would end.
>
> Best,
> Colin
>
> On Fri, May 12, 2017 at 12:44 PM, Juha Heinanen  wrote:
>
>> David Villasmil writes:
>>
>> > I have a kamailio 4.2.8 receiving on tls and i'm trying to forward on
>> tcp,
>> > but AFTER the call is established, kamailio hangs the call with "SIPS
>> > required"...
>>
>> Are you sure that it is K that hangs the established call?
>>
>> -- Juha
>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] TLS to TCP

2017-05-12 Thread Colin Morelli 
Kamailio could be ending the call, though it may also be one of the
endpoints.

Anyway, if your clients are dialing sips: URIs, then it is required that
the signaling be TLS end-to-end. If you are trying to translate TLS to TCP,
you should use sip:u...@domain.com;transport=tls. This should enforce TLS
from the client -> proxy, but allow the proxy to use its preferred
transport.

The reason the call wouldn't end until it's established is because it's not
until this time that the any party receives a list of Record-Route headers.
If using sips: and a record-route comes back that indicates that a hop did
not use TLS, the call would end.

Best,
Colin

On Fri, May 12, 2017 at 12:44 PM, Juha Heinanen  wrote:

> David Villasmil writes:
>
> > I have a kamailio 4.2.8 receiving on tls and i'm trying to forward on
> tcp,
> > but AFTER the call is established, kamailio hangs the call with "SIPS
> > required"...
>
> Are you sure that it is K that hangs the established call?
>
> -- Juha
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] TLS to TCP

2017-05-12 Thread Juha Heinanen 
David Villasmil writes:

> I have a kamailio 4.2.8 receiving on tls and i'm trying to forward on tcp,
> but AFTER the call is established, kamailio hangs the call with "SIPS
> required"...

Are you sure that it is K that hangs the established call?

-- Juha

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] TLS to TCP

2017-05-12 Thread David Villasmil 
Hello Guys,

I have a kamailio 4.2.8 receiving on tls and i'm trying to forward on tcp,
but AFTER the call is established, kamailio hangs the call with "SIPS
required"...

Has this happened to anyone?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337
ᐧ
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users