Re: [SR-Users] dispatch REGISTER over TLS

2019-11-10 Thread David Villasmil 
Yes you can, it’s totally doable.
But you must have one socket for unencrypted and one for encrypted. So you
need 2 “listen” one TLS and one TCP.


On Sun, 10 Nov 2019 at 02:16, sthustfo  wrote:

> Well, I was hoping there was a way to proxy from non secure (WS) to secure
> one (TLS) upstream.
>
>
> On Sun, Nov 10, 2019 at 6:12 AM David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> You need to have a TLS listen like
>>
>> https://kamailio.org/docs/tls-1.3.x.html#AEN192
>>
>>
>> On Sun, 10 Nov 2019 at 00:32, David Villasmil <
>> david.villasmil.w...@gmail.com> wrote:
>>
>>> From what you paste, 8080 is not TLS
>>>
>>> On Sat, 9 Nov 2019 at 23:29, sthustfo  wrote:
>>>
 Kamailio listening on WS only as seen from below log snippet. As I
 mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
 the SIP server.

  0(3268) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
 SCTP API not enabled - if you want to use it, load sctp module
 Listening on
  tcp: 10.0.0.14 [10.0.0.14]:8080
 Aliases:
  *: test.example.com:*

 And here is the relevant portion from config file.
 listen=tcp:10.0.0.14:8080

 With the above, I modified dispatcher.list as below
 # setid(integer) destination(sip uri) flags (integer, optional),
 priority(int,opt), attrs (str,optional)
 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
 ;ping_from=sip:10.0.0.14

 With the above change, I see following in the logs

  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
 protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:
 10.0.0.100:5061)
  1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket
 found for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
  1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
  1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to
 ping [sip:10.0.0.100:5061;transport=tls]
  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
 protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:
 10.0.0.100:5061)

 But not attempts to connect to the SIP server.

 On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
 david.villasmil.w...@gmail.com> wrote:

> Please paste the “listen” parameters from the config.
>
> On Sat, 9 Nov 2019 at 18:04, David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> Is kamailio listening in that socket?
>>
>> On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:
>>
>>> Thanks Karsten. Instead of SIP server, I ran a simple socket
>>> listener program to see if dispatcher is attempting to connect to it or
>>> not. But it did not receive any client connection attempts. So after
>>> looking at the logs, I found below log statements. Any idea why this 
>>> might
>>> have happened?
>>>
>>>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
>>> socket 
>>>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list():
>>> unable to add destination sip:10.0.0.100:5061;transport=tls to set
>>> 1007 -- skipping
>>>
>>> dispatcher.list file pasted below contains the address. Why would
>>> this be an error?
>>>
>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061
>>> ;ping_from=sip:10.0.0.14
>>>
>>>
>>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
>>> wrote:
>>>
 Hi,

 I guess the dispatcher is not able to get an 200 okay from your
 upstream tls / sipserver. And so the dispatcher did his job. Find no 
 active
 dispatcher targets, then told you that.

 You find more about the dispatcher state with kamctl dispatcher
 dump or kamcmd dispatcher.list

 And read the module docu of dispatcher, they explain you the states
 of the commands above.

 Hints here:

 Reading dispatcher docu, understand the states, read tls (maybe
 that's your root cause).


 Cheers
 Karsten

 sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:

> Thanks David. You are right, ds_select_dst() is failing and error
> log is shown.
>
>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}
> dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets
>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] 
> l=970 a=25
> n=xdbg
>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-10 Thread Karsten Horsmann 
Hi,


AFAIK connection from unencrypted to encrypted needs encryption (here
Kamailio with tls socket to talk to your upstream).

Maybe this all in one config example from havfo helps you more:


https://github.com/havfo/WEBRTC-to-SIP/blob/master/README.md

To give you some ideas what you can do and how.

Cheers
Karsten

sthustfo  schrieb am So., 10. Nov. 2019, 03:14:

> Well, I was hoping there was a way to proxy from non secure (WS) to secure
> one (TLS) upstream.
>
>
> On Sun, Nov 10, 2019 at 6:12 AM David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> You need to have a TLS listen like
>>
>> https://kamailio.org/docs/tls-1.3.x.html#AEN192
>>
>>
>> On Sun, 10 Nov 2019 at 00:32, David Villasmil <
>> david.villasmil.w...@gmail.com> wrote:
>>
>>> From what you paste, 8080 is not TLS
>>>
>>> On Sat, 9 Nov 2019 at 23:29, sthustfo  wrote:
>>>
 Kamailio listening on WS only as seen from below log snippet. As I
 mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
 the SIP server.

  0(3268) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
 SCTP API not enabled - if you want to use it, load sctp module
 Listening on
  tcp: 10.0.0.14 [10.0.0.14]:8080
 Aliases:
  *: test.example.com:*

 And here is the relevant portion from config file.
 listen=tcp:10.0.0.14:8080

 With the above, I modified dispatcher.list as below
 # setid(integer) destination(sip uri) flags (integer, optional),
 priority(int,opt), attrs (str,optional)
 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
 ;ping_from=sip:10.0.0.14

 With the above change, I see following in the logs

  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
 protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:
 10.0.0.100:5061)
  1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket
 found for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
  1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
  1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to
 ping [sip:10.0.0.100:5061;transport=tls]
  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
 protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:
 10.0.0.100:5061)

 But not attempts to connect to the SIP server.

 On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
 david.villasmil.w...@gmail.com> wrote:

> Please paste the “listen” parameters from the config.
>
> On Sat, 9 Nov 2019 at 18:04, David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> Is kamailio listening in that socket?
>>
>> On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:
>>
>>> Thanks Karsten. Instead of SIP server, I ran a simple socket
>>> listener program to see if dispatcher is attempting to connect to it or
>>> not. But it did not receive any client connection attempts. So after
>>> looking at the logs, I found below log statements. Any idea why this 
>>> might
>>> have happened?
>>>
>>>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
>>> socket 
>>>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list():
>>> unable to add destination sip:10.0.0.100:5061;transport=tls to set
>>> 1007 -- skipping
>>>
>>> dispatcher.list file pasted below contains the address. Why would
>>> this be an error?
>>>
>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061
>>> ;ping_from=sip:10.0.0.14
>>>
>>>
>>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
>>> wrote:
>>>
 Hi,

 I guess the dispatcher is not able to get an 200 okay from your
 upstream tls / sipserver. And so the dispatcher did his job. Find no 
 active
 dispatcher targets, then told you that.

 You find more about the dispatcher state with kamctl dispatcher
 dump or kamcmd dispatcher.list

 And read the module docu of dispatcher, they explain you the states
 of the commands above.

 Hints here:

 Reading dispatcher docu, understand the states, read tls (maybe
 that's your root cause).


 Cheers
 Karsten

 sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:

> Thanks David. You are right, ds_select_dst() is failing and error
> log is shown.
>
>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}
> dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets
>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
> cfgtrace:request_route=[DISPATCH] c=[/etc/kam

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread sthustfo 
Well, I was hoping there was a way to proxy from non secure (WS) to secure
one (TLS) upstream.


On Sun, Nov 10, 2019 at 6:12 AM David Villasmil <
david.villasmil.w...@gmail.com> wrote:

> You need to have a TLS listen like
>
> https://kamailio.org/docs/tls-1.3.x.html#AEN192
>
>
> On Sun, 10 Nov 2019 at 00:32, David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> From what you paste, 8080 is not TLS
>>
>> On Sat, 9 Nov 2019 at 23:29, sthustfo  wrote:
>>
>>> Kamailio listening on WS only as seen from below log snippet. As I
>>> mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
>>> the SIP server.
>>>
>>>  0(3268) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
>>> SCTP API not enabled - if you want to use it, load sctp module
>>> Listening on
>>>  tcp: 10.0.0.14 [10.0.0.14]:8080
>>> Aliases:
>>>  *: test.example.com:*
>>>
>>> And here is the relevant portion from config file.
>>> listen=tcp:10.0.0.14:8080
>>>
>>> With the above, I modified dispatcher.list as below
>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
>>> ;ping_from=sip:10.0.0.14
>>>
>>> With the above change, I see following in the logs
>>>
>>>  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
>>> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:
>>> 10.0.0.100:5061)
>>>  1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found
>>> for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
>>>  1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
>>>  1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to
>>> ping [sip:10.0.0.100:5061;transport=tls]
>>>  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
>>> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:
>>> 10.0.0.100:5061)
>>>
>>> But not attempts to connect to the SIP server.
>>>
>>> On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
>>> david.villasmil.w...@gmail.com> wrote:
>>>
 Please paste the “listen” parameters from the config.

 On Sat, 9 Nov 2019 at 18:04, David Villasmil <
 david.villasmil.w...@gmail.com> wrote:

> Is kamailio listening in that socket?
>
> On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:
>
>> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
>> program to see if dispatcher is attempting to connect to it or not. But 
>> it
>> did not receive any client connection attempts. So after looking at the
>> logs, I found below log statements. Any idea why this might have 
>> happened?
>>
>>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
>> socket 
>>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable
>> to add destination sip:10.0.0.100:5061;transport=tls to set 1007 --
>> skipping
>>
>> dispatcher.list file pasted below contains the address. Why would
>> this be an error?
>>
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
>> ping_from=sip:10.0.0.14
>>
>>
>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
>> wrote:
>>
>>> Hi,
>>>
>>> I guess the dispatcher is not able to get an 200 okay from your
>>> upstream tls / sipserver. And so the dispatcher did his job. Find no 
>>> active
>>> dispatcher targets, then told you that.
>>>
>>> You find more about the dispatcher state with kamctl dispatcher dump
>>> or kamcmd dispatcher.list
>>>
>>> And read the module docu of dispatcher, they explain you the states
>>> of the commands above.
>>>
>>> Hints here:
>>>
>>> Reading dispatcher docu, understand the states, read tls (maybe
>>> that's your root cause).
>>>
>>>
>>> Cheers
>>> Karsten
>>>
>>> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>>>
 Thanks David. You are right, ds_select_dst() is failing and error
 log is shown.

  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
 [dispatch.c:2032]: ds_manage_routes(): no destination sets
  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
 cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 
 a=25
 n=xdbg
  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread David Villasmil 
You need to have a TLS listen like

https://kamailio.org/docs/tls-1.3.x.html#AEN192


On Sun, 10 Nov 2019 at 00:32, David Villasmil <
david.villasmil.w...@gmail.com> wrote:

> From what you paste, 8080 is not TLS
>
> On Sat, 9 Nov 2019 at 23:29, sthustfo  wrote:
>
>> Kamailio listening on WS only as seen from below log snippet. As I
>> mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
>> the SIP server.
>>
>>  0(3268) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
>> SCTP API not enabled - if you want to use it, load sctp module
>> Listening on
>>  tcp: 10.0.0.14 [10.0.0.14]:8080
>> Aliases:
>>  *: test.example.com:*
>>
>> And here is the relevant portion from config file.
>> listen=tcp:10.0.0.14:8080
>>
>> With the above, I modified dispatcher.list as below
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
>> ;ping_from=sip:10.0.0.14
>>
>> With the above change, I see following in the logs
>>
>>  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
>> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061
>> )
>>  1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found
>> for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
>>  1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
>>  1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to
>> ping [sip:10.0.0.100:5061;transport=tls]
>>  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
>> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061
>> )
>>
>> But not attempts to connect to the SIP server.
>>
>> On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
>> david.villasmil.w...@gmail.com> wrote:
>>
>>> Please paste the “listen” parameters from the config.
>>>
>>> On Sat, 9 Nov 2019 at 18:04, David Villasmil <
>>> david.villasmil.w...@gmail.com> wrote:
>>>
 Is kamailio listening in that socket?

 On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:

> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
> program to see if dispatcher is attempting to connect to it or not. But it
> did not receive any client connection attempts. So after looking at the
> logs, I found below log statements. Any idea why this might have happened?
>
>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
> socket 
>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable
> to add destination sip:10.0.0.100:5061;transport=tls to set 1007 --
> skipping
>
> dispatcher.list file pasted below contains the address. Why would this
> be an error?
>
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
> ping_from=sip:10.0.0.14
>
>
> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
> wrote:
>
>> Hi,
>>
>> I guess the dispatcher is not able to get an 200 okay from your
>> upstream tls / sipserver. And so the dispatcher did his job. Find no 
>> active
>> dispatcher targets, then told you that.
>>
>> You find more about the dispatcher state with kamctl dispatcher dump
>> or kamcmd dispatcher.list
>>
>> And read the module docu of dispatcher, they explain you the states
>> of the commands above.
>>
>> Hints here:
>>
>> Reading dispatcher docu, understand the states, read tls (maybe
>> that's your root cause).
>>
>>
>> Cheers
>> Karsten
>>
>> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>>
>>> Thanks David. You are right, ds_select_dst() is failing and error
>>> log is shown.
>>>
>>>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 
>>> a=25
>>> n=xdbg
>>>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread David Villasmil 
>From what you paste, 8080 is not TLS

On Sat, 9 Nov 2019 at 23:29, sthustfo  wrote:

> Kamailio listening on WS only as seen from below log snippet. As I
> mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
> the SIP server.
>
>  0(3268) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
> SCTP API not enabled - if you want to use it, load sctp module
> Listening on
>  tcp: 10.0.0.14 [10.0.0.14]:8080
> Aliases:
>  *: test.example.com:*
>
> And here is the relevant portion from config file.
> listen=tcp:10.0.0.14:8080
>
> With the above, I modified dispatcher.list as below
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
> ;ping_from=sip:10.0.0.14
>
> With the above change, I see following in the logs
>
>  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
>  1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found
> for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
>  1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
>  1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to
> ping [sip:10.0.0.100:5061;transport=tls]
>  1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
>
> But not attempts to connect to the SIP server.
>
> On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> Please paste the “listen” parameters from the config.
>>
>> On Sat, 9 Nov 2019 at 18:04, David Villasmil <
>> david.villasmil.w...@gmail.com> wrote:
>>
>>> Is kamailio listening in that socket?
>>>
>>> On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:
>>>
 Thanks Karsten. Instead of SIP server, I ran a simple socket listener
 program to see if dispatcher is attempting to connect to it or not. But it
 did not receive any client connection attempts. So after looking at the
 logs, I found below log statements. Any idea why this might have happened?

  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
 socket 
  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable
 to add destination sip:10.0.0.100:5061;transport=tls to set 1007 --
 skipping

 dispatcher.list file pasted below contains the address. Why would this
 be an error?

 # setid(integer) destination(sip uri) flags (integer, optional),
 priority(int,opt), attrs (str,optional)
 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
 ping_from=sip:10.0.0.14


 On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
 wrote:

> Hi,
>
> I guess the dispatcher is not able to get an 200 okay from your
> upstream tls / sipserver. And so the dispatcher did his job. Find no 
> active
> dispatcher targets, then told you that.
>
> You find more about the dispatcher state with kamctl dispatcher dump
> or kamcmd dispatcher.list
>
> And read the module docu of dispatcher, they explain you the states of
> the commands above.
>
> Hints here:
>
> Reading dispatcher docu, understand the states, read tls (maybe that's
> your root cause).
>
>
> Cheers
> Karsten
>
> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>
>> Thanks David. You are right, ds_select_dst() is failing and error log
>> is shown.
>>
>>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 
>> a=25
>> n=xdbg
>>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread sthustfo 
Kamailio listening on WS only as seen from below log snippet. As I
mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
the SIP server.

 0(3268) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
SCTP API not enabled - if you want to use it, load sctp module
Listening on
 tcp: 10.0.0.14 [10.0.0.14]:8080
Aliases:
 *: test.example.com:*

And here is the relevant portion from config file.
listen=tcp:10.0.0.14:8080

With the above, I modified dispatcher.list as below
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
;ping_from=sip:10.0.0.14

With the above change, I see following in the logs

 1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found
for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping
[sip:10.0.0.100:5061;transport=tls]
 1(3271) WARNING:  [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)

But not attempts to connect to the SIP server.

On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
david.villasmil.w...@gmail.com> wrote:

> Please paste the “listen” parameters from the config.
>
> On Sat, 9 Nov 2019 at 18:04, David Villasmil <
> david.villasmil.w...@gmail.com> wrote:
>
>> Is kamailio listening in that socket?
>>
>> On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:
>>
>>> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
>>> program to see if dispatcher is attempting to connect to it or not. But it
>>> did not receive any client connection attempts. So after looking at the
>>> logs, I found below log statements. Any idea why this might have happened?
>>>
>>>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
>>> socket 
>>>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to
>>> add destination sip:10.0.0.100:5061;transport=tls to set 1007 --
>>> skipping
>>>
>>> dispatcher.list file pasted below contains the address. Why would this
>>> be an error?
>>>
>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
>>> ping_from=sip:10.0.0.14
>>>
>>>
>>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
>>> wrote:
>>>
 Hi,

 I guess the dispatcher is not able to get an 200 okay from your
 upstream tls / sipserver. And so the dispatcher did his job. Find no active
 dispatcher targets, then told you that.

 You find more about the dispatcher state with kamctl dispatcher dump or
 kamcmd dispatcher.list

 And read the module docu of dispatcher, they explain you the states of
 the commands above.

 Hints here:

 Reading dispatcher docu, understand the states, read tls (maybe that's
 your root cause).


 Cheers
 Karsten

 sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:

> Thanks David. You are right, ds_select_dst() is failing and error log
> is shown.
>
>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 
> a=25
> n=xdbg
>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread David Villasmil 
Please paste the “listen” parameters from the config.

On Sat, 9 Nov 2019 at 18:04, David Villasmil 
wrote:

> Is kamailio listening in that socket?
>
> On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:
>
>> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
>> program to see if dispatcher is attempting to connect to it or not. But it
>> did not receive any client connection attempts. So after looking at the
>> logs, I found below log statements. Any idea why this might have happened?
>>
>>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
>> socket 
>>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to
>> add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
>>
>> dispatcher.list file pasted below contains the address. Why would this be
>> an error?
>>
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
>> ping_from=sip:10.0.0.14
>>
>>
>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
>> wrote:
>>
>>> Hi,
>>>
>>> I guess the dispatcher is not able to get an 200 okay from your upstream
>>> tls / sipserver. And so the dispatcher did his job. Find no active
>>> dispatcher targets, then told you that.
>>>
>>> You find more about the dispatcher state with kamctl dispatcher dump or
>>> kamcmd dispatcher.list
>>>
>>> And read the module docu of dispatcher, they explain you the states of
>>> the commands above.
>>>
>>> Hints here:
>>>
>>> Reading dispatcher docu, understand the states, read tls (maybe that's
>>> your root cause).
>>>
>>>
>>> Cheers
>>> Karsten
>>>
>>> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>>>
 Thanks David. You are right, ds_select_dst() is failing and error log
 is shown.

  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
 [dispatch.c:2032]: ds_manage_routes(): no destination sets
  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
 cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
 n=xdbg
  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread Karsten Horsmann 
Hi,


For example you can use the controllflag -c and -f path/to/kamailio.cfg to
see on what ports and technologies your Kamailio is listing.

Here you see an test instance only with udp and tcp (no tls).

So if I would try your dispatcher config it wouldn't work (and of course
the ips don't match).

BTW for debugging purpose maybe starting with tcp is easier and if that
works you can attach tls to your config.


k1:~# kamailio -c -f /etc/kamailio/kamailio.cfg
 0(15313) INFO:  [core/sctp_core.c:74]: sctp_core_check_support():
SCTP API not enabled - if you want to use it, load sctp module
Listening on
 udp: 10.10.10.1 [10.10.10.1]:5060
 udp: 10.10.10.1 [10.10.10.1]:5062
 udp: 192.168.122.100 [192.168.122.100]:5060
 tcp: 10.10.10.1 [10.10.10.1]:5060
 tcp: 192.168.122.100 [192.168.122.100]:5060


sthustfo  schrieb am Sa., 9. Nov. 2019, 18:34:

> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
> program to see if dispatcher is attempting to connect to it or not. But it
> did not receive any client connection attempts. So after looking at the
> logs, I found below log statements. Any idea why this might have happened?
>
>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket
> 
>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to
> add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
>
> dispatcher.list file pasted below contains the address. Why would this be
> an error?
>
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
> ping_from=sip:10.0.0.14
>
>
> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
> wrote:
>
>> Hi,
>>
>> I guess the dispatcher is not able to get an 200 okay from your upstream
>> tls / sipserver. And so the dispatcher did his job. Find no active
>> dispatcher targets, then told you that.
>>
>> You find more about the dispatcher state with kamctl dispatcher dump or
>> kamcmd dispatcher.list
>>
>> And read the module docu of dispatcher, they explain you the states of
>> the commands above.
>>
>> Hints here:
>>
>> Reading dispatcher docu, understand the states, read tls (maybe that's
>> your root cause).
>>
>>
>> Cheers
>> Karsten
>>
>> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>>
>>> Thanks David. You are right, ds_select_dst() is failing and error log is
>>> shown.
>>>
>>>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
>>> n=xdbg
>>>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread David Villasmil 
Is kamailio listening in that socket?

On Sat, 9 Nov 2019 at 17:34, sthustfo  wrote:

> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
> program to see if dispatcher is attempting to connect to it or not. But it
> did not receive any client connection attempts. So after looking at the
> logs, I found below log statements. Any idea why this might have happened?
>
>  0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket
> 
>  0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to
> add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
>
> dispatcher.list file pasted below contains the address. Why would this be
> an error?
>
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
> ping_from=sip:10.0.0.14
>
>
> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann 
> wrote:
>
>> Hi,
>>
>> I guess the dispatcher is not able to get an 200 okay from your upstream
>> tls / sipserver. And so the dispatcher did his job. Find no active
>> dispatcher targets, then told you that.
>>
>> You find more about the dispatcher state with kamctl dispatcher dump or
>> kamcmd dispatcher.list
>>
>> And read the module docu of dispatcher, they explain you the states of
>> the commands above.
>>
>> Hints here:
>>
>> Reading dispatcher docu, understand the states, read tls (maybe that's
>> your root cause).
>>
>>
>> Cheers
>> Karsten
>>
>> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>>
>>> Thanks David. You are right, ds_select_dst() is failing and error log is
>>> shown.
>>>
>>>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
>>> n=xdbg
>>>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread sthustfo 
Thanks Karsten. Instead of SIP server, I ran a simple socket listener
program to see if dispatcher is attempting to connect to it or not. But it
did not receive any client connection attempts. So after looking at the
logs, I found below log statements. Any idea why this might have happened?

 0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket

 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to
add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping

dispatcher.list file pasted below contains the address. Why would this be
an error?

# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
ping_from=sip:10.0.0.14


On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann  wrote:

> Hi,
>
> I guess the dispatcher is not able to get an 200 okay from your upstream
> tls / sipserver. And so the dispatcher did his job. Find no active
> dispatcher targets, then told you that.
>
> You find more about the dispatcher state with kamctl dispatcher dump or
> kamcmd dispatcher.list
>
> And read the module docu of dispatcher, they explain you the states of the
> commands above.
>
> Hints here:
>
> Reading dispatcher docu, understand the states, read tls (maybe that's
> your root cause).
>
>
> Cheers
> Karsten
>
> sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:
>
>> Thanks David. You are right, ds_select_dst() is failing and error log is
>> shown.
>>
>>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
>> n=xdbg
>>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread Karsten Horsmann 
Hi,

I guess the dispatcher is not able to get an 200 okay from your upstream
tls / sipserver. And so the dispatcher did his job. Find no active
dispatcher targets, then told you that.

You find more about the dispatcher state with kamctl dispatcher dump or
kamcmd dispatcher.list

And read the module docu of dispatcher, they explain you the states of the
commands above.

Hints here:

Reading dispatcher docu, understand the states, read tls (maybe that's your
root cause).


Cheers
Karsten

sthustfo  schrieb am Sa., 9. Nov. 2019, 14:56:

> Thanks David. You are right, ds_select_dst() is failing and error log is
> shown.
>
>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
> n=xdbg
>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread sthustfo 
Thanks David. You are right, ds_select_dst() is failing and error log is
shown.

 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
[dispatch.c:2032]: ds_manage_routes(): no destination sets
 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
n=xdbg
 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa}

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread David Villasmil 
Please post the config around the ds_select

What that’s saying is basically it could not find a destination for the set
you are asking for.

Either because the setid you provide with the function doesn’t exist, or
the destination is not responding to the pings.


On Sat, 9 Nov 2019 at 10:33, sthustfo  wrote:

> Thanks Karsten. The setup consists of client connecting to kamailio over
> WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server
> (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list
> as below
>
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061
> ;ping_from=sip:10.0.0.14
>
> With above, kamailio replies to REGISTER with "SIP/2.0 404 No
> destination". And in the logs, I see following statement.
>
> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no
> destination sets
>
> What does this mean? Is kamailio not able to talk to SIP server for
> some reason?
>
> Regards
>
> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann 
> wrote:
>
>> Hi,
>>
>>
>> Your config line for the dispatcher makes no sense for me.
>>
>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;
>> ping_from=sip:10.0.0.14
>>
>>
>> Means setid 1007 (like an group to arrange multiple targets) okay.
>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri.
>> Where your calls are placed when you call the dispatcher function with
>> setid 1007.
>>
>> In combination with socket=10.0.0.100:5061 (that indicates your Kamailio
>> socket, the proxy ip)
>> That you talking with yourself.
>>
>> You should read the module documentations for dispatcher and tls.
>>
>> Or describe your ip setup and your config a bit more.
>>
>> Cheers
>> Karsten
>>
>> sthustfo  schrieb am Fr., 8. Nov. 2019, 17:41:
>>
>>> Hi Karsten, David,
>>>
>>> Thanks for your pointers. Earlier I was using mysql backend where the
>>> dispatch list was stored. Now following your suggestions, I have switched
>>> to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
>>> following
>>>
>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061
>>> ;ping_from=sip:10.0.0.14
>>>
>>> Even with this, when HTTP request in, the same is upgraded to WS
>>> connection. But this gets closed after couple of seconds. Does the below
>>> log indicate anything?
>>>
>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
>>>  9(1784) DEBUG:  [core/usr_avp.c:636]: destroy_avp_list():
>>> destroying list (nil)
>>>
>>> Is there any way to understand what's happening? I do not see any other
>>> error lin logs.
>>>
>>> Thanks.
>>>
>>>
>>>
>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <
>>> mico...@gmail.com> wrote:
>>>
 Hello,
 On 06.11.19 20:46, Karsten Horsmann wrote:

 Hi,

 the sips Uri schemata is not used for tls with dispatcher.

 jumping in to clarify a bit about sips protocol schema. It doesn't
 imply TLS as one may think HTTPS does it for HTTP. The sips is mandating
 that the traffic goes over secure links, which can be IPSec/VPN or even
 just private network, so it is ok using UDP or TCP when sips is present.

 In SIP, if TLS is wanted, then transport=tls has to be added to the URI.

 As for dispatcher, one more clarification: trasport=tls in attrs has
 nothing to do with the destination address, so that has to be in the value
 of the destination field, as Karsten gave in his example.

 And, as general note: better do not use sips at all, it can mess up
 some nodes in the path, if you are not sure about the need of sips -- just
 do uri;trasport=tls.

 Cheers,
 Daniel


 Here an example for flatfile dispatcher.list (need corrected values).

 The socket line must match an listen directive in your Kamailio.cfg.


 root@sbc1:~# cat /etc/kamailio/dispatcher.list
 # setid(integer) destination(sip uri) flags (integer, optional),
 priority(int,opt), attrs (str,optional)
 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain

 Cheers
 Karsten

 sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:

> I have a basic setup where kamailio receives SIP over websocket (no
> WSS) and forwards to SIP server over TLS. I have enabled TLS in
> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and
> transport=tls.
>
>
> ++---++---+--+---++
> | id | setid | destination| flags | priority | attrs
>   | description|
>
> ++-

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-09 Thread sthustfo 
Thanks Karsten. The setup consists of client connecting to kamailio over WS
(10.0.0.14). Kamailio needs to proxy the requests to SIP server
(10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list
as below

# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061
;ping_from=sip:10.0.0.14

With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination".
And in the logs, I see following statement.

1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no
destination sets

What does this mean? Is kamailio not able to talk to SIP server for
some reason?

Regards

On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann 
wrote:

> Hi,
>
>
> Your config line for the dispatcher makes no sense for me.
>
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;
> ping_from=sip:10.0.0.14
>
>
> Means setid 1007 (like an group to arrange multiple targets) okay.
> But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where
> your calls are placed when you call the dispatcher function with setid 1007.
>
> In combination with socket=10.0.0.100:5061 (that indicates your Kamailio
> socket, the proxy ip)
> That you talking with yourself.
>
> You should read the module documentations for dispatcher and tls.
>
> Or describe your ip setup and your config a bit more.
>
> Cheers
> Karsten
>
> sthustfo  schrieb am Fr., 8. Nov. 2019, 17:41:
>
>> Hi Karsten, David,
>>
>> Thanks for your pointers. Earlier I was using mysql backend where the
>> dispatch list was stored. Now following your suggestions, I have switched
>> to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
>> following
>>
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061
>> ;ping_from=sip:10.0.0.14
>>
>> Even with this, when HTTP request in, the same is upgraded to WS
>> connection. But this gets closed after couple of seconds. Does the below
>> log indicate anything?
>>
>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
>>  9(1784) DEBUG:  [core/usr_avp.c:636]: destroy_avp_list():
>> destroying list (nil)
>>
>> Is there any way to understand what's happening? I do not see any other
>> error lin logs.
>>
>> Thanks.
>>
>>
>>
>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <
>> mico...@gmail.com> wrote:
>>
>>> Hello,
>>> On 06.11.19 20:46, Karsten Horsmann wrote:
>>>
>>> Hi,
>>>
>>> the sips Uri schemata is not used for tls with dispatcher.
>>>
>>> jumping in to clarify a bit about sips protocol schema. It doesn't imply
>>> TLS as one may think HTTPS does it for HTTP. The sips is mandating that the
>>> traffic goes over secure links, which can be IPSec/VPN or even just private
>>> network, so it is ok using UDP or TCP when sips is present.
>>>
>>> In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
>>>
>>> As for dispatcher, one more clarification: trasport=tls in attrs has
>>> nothing to do with the destination address, so that has to be in the value
>>> of the destination field, as Karsten gave in his example.
>>>
>>> And, as general note: better do not use sips at all, it can mess up some
>>> nodes in the path, if you are not sure about the need of sips -- just do
>>> uri;trasport=tls.
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>>> Here an example for flatfile dispatcher.list (need corrected values).
>>>
>>> The socket line must match an listen directive in your Kamailio.cfg.
>>>
>>>
>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list
>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>>>
>>> Cheers
>>> Karsten
>>>
>>> sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:
>>>
 I have a basic setup where kamailio receives SIP over websocket (no
 WSS) and forwards to SIP server over TLS. I have enabled TLS in
 kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and
 transport=tls.


 ++---++---+--+---++
 | id | setid | destination| flags | priority | attrs
   | description|

 ++---++---+--+---++
 |  4 | 1 | sips:10.0.0.100:5061 | 0 |0 | transport=tls
 | SIP SERVER |

 ++---++---+--+---++

 Now when REGISTER is received over websocket, kamailio is responding
 with error code 500 and phrase "500 I'm terribly sorry, server error
 occurred (7/SL)". And on the

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-08 Thread Karsten Horsmann 
Hi,


Your config line for the dispatcher makes no sense for me.

1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;
ping_from=sip:10.0.0.14


Means setid 1007 (like an group to arrange multiple targets) okay.
But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where
your calls are placed when you call the dispatcher function with setid 1007.

In combination with socket=10.0.0.100:5061 (that indicates your Kamailio
socket, the proxy ip)
That you talking with yourself.

You should read the module documentations for dispatcher and tls.

Or describe your ip setup and your config a bit more.

Cheers
Karsten

sthustfo  schrieb am Fr., 8. Nov. 2019, 17:41:

> Hi Karsten, David,
>
> Thanks for your pointers. Earlier I was using mysql backend where the
> dispatch list was stored. Now following your suggestions, I have switched
> to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
> following
>
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061
> ;ping_from=sip:10.0.0.14
>
> Even with this, when HTTP request in, the same is upgraded to WS
> connection. But this gets closed after couple of seconds. Does the below
> log indicate anything?
>
> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
>  9(1784) DEBUG:  [core/usr_avp.c:636]: destroy_avp_list():
> destroying list (nil)
>
> Is there any way to understand what's happening? I do not see any other
> error lin logs.
>
> Thanks.
>
>
>
> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla 
> wrote:
>
>> Hello,
>> On 06.11.19 20:46, Karsten Horsmann wrote:
>>
>> Hi,
>>
>> the sips Uri schemata is not used for tls with dispatcher.
>>
>> jumping in to clarify a bit about sips protocol schema. It doesn't imply
>> TLS as one may think HTTPS does it for HTTP. The sips is mandating that the
>> traffic goes over secure links, which can be IPSec/VPN or even just private
>> network, so it is ok using UDP or TCP when sips is present.
>>
>> In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
>>
>> As for dispatcher, one more clarification: trasport=tls in attrs has
>> nothing to do with the destination address, so that has to be in the value
>> of the destination field, as Karsten gave in his example.
>>
>> And, as general note: better do not use sips at all, it can mess up some
>> nodes in the path, if you are not sure about the need of sips -- just do
>> uri;trasport=tls.
>>
>> Cheers,
>> Daniel
>>
>>
>> Here an example for flatfile dispatcher.list (need corrected values).
>>
>> The socket line must match an listen directive in your Kamailio.cfg.
>>
>>
>> root@sbc1:~# cat /etc/kamailio/dispatcher.list
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>>
>> Cheers
>> Karsten
>>
>> sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:
>>
>>> I have a basic setup where kamailio receives SIP over websocket (no WSS)
>>> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and
>>> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
>>>
>>>
>>> ++---++---+--+---++
>>> | id | setid | destination| flags | priority | attrs
>>> | description|
>>>
>>> ++---++---+--+---++
>>> |  4 | 1 | sips:10.0.0.100:5061 | 0 |0 | transport=tls
>>> | SIP SERVER |
>>>
>>> ++---++---+--+---++
>>>
>>> Now when REGISTER is received over websocket, kamailio is responding
>>> with error code 500 and phrase "500 I'm terribly sorry, server error
>>> occurred (7/SL)". And on the console I see the following error messages.
>>>
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>>> f1ecf7bcb659b07fe81e332e100044e5
>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]:
>>> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:
>>> 10.0.0.100:5061)
>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>>> corresponding listening socket)
>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_funcs.c:352]: t_relay_to(): -7 error reply gene

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-08 Thread sthustfo 
Hi Karsten, David,

Thanks for your pointers. Earlier I was using mysql backend where the
dispatch list was stored. Now following your suggestions, I have switched
to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
following

# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061
;ping_from=sip:10.0.0.14

Even with this, when HTTP request in, the same is upgraded to WS
connection. But this gets closed after couple of seconds. Does the below
log indicate anything?

9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
 9(1784) DEBUG:  [core/usr_avp.c:636]: destroy_avp_list(): destroying
list (nil)

Is there any way to understand what's happening? I do not see any other
error lin logs.

Thanks.



On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla 
wrote:

> Hello,
> On 06.11.19 20:46, Karsten Horsmann wrote:
>
> Hi,
>
> the sips Uri schemata is not used for tls with dispatcher.
>
> jumping in to clarify a bit about sips protocol schema. It doesn't imply
> TLS as one may think HTTPS does it for HTTP. The sips is mandating that the
> traffic goes over secure links, which can be IPSec/VPN or even just private
> network, so it is ok using UDP or TCP when sips is present.
>
> In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
>
> As for dispatcher, one more clarification: trasport=tls in attrs has
> nothing to do with the destination address, so that has to be in the value
> of the destination field, as Karsten gave in his example.
>
> And, as general note: better do not use sips at all, it can mess up some
> nodes in the path, if you are not sure about the need of sips -- just do
> uri;trasport=tls.
>
> Cheers,
> Daniel
>
>
> Here an example for flatfile dispatcher.list (need corrected values).
>
> The socket line must match an listen directive in your Kamailio.cfg.
>
>
> root@sbc1:~# cat /etc/kamailio/dispatcher.list
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>
> Cheers
> Karsten
>
> sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:
>
>> I have a basic setup where kamailio receives SIP over websocket (no WSS)
>> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and
>> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
>>
>>
>> ++---++---+--+---++
>> | id | setid | destination| flags | priority | attrs
>> | description|
>>
>> ++---++---+--+---++
>> |  4 | 1 | sips:10.0.0.100:5061 | 0 |0 | transport=tls |
>> SIP SERVER |
>>
>> ++---++---+--+---++
>>
>> Now when REGISTER is received over websocket, kamailio is responding with
>> error code 500 and phrase "500 I'm terribly sorry, server error occurred
>> (7/SL)". And on the console I see the following error messages.
>>
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>> f1ecf7bcb659b07fe81e332e100044e5
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]:
>> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:
>> 10.0.0.100:5061)
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>> corresponding listening socket)
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>> n=sl_reply_error
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>> hsvmphm3ps12.invalid, 0)
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
>> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>
>> *tls.cfg contents*
>> [client:default]
>> method = TLSv1
>> verify_certificate = yes
>> require_certificate = yes
>> private_key = /home/test/kamailio/internal.key
>> certificate = /home/test/kamailio/internal.crt
>> ca_list = /home/test/kamailio/ca_list.pem
>>
>> Any reason why this error is seen? Any inputs appreciated.
>>
>> Thanks.
>>

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-07 Thread Daniel-Constantin Mierla 
Hello,

On 06.11.19 20:46, Karsten Horsmann wrote:
> Hi, 
>
> the sips Uri schemata is not used for tls with dispatcher.

jumping in to clarify a bit about sips protocol schema. It doesn't imply
TLS as one may think HTTPS does it for HTTP. The sips is mandating that
the traffic goes over secure links, which can be IPSec/VPN or even just
private network, so it is ok using UDP or TCP when sips is present.

In SIP, if TLS is wanted, then transport=tls has to be added to the URI.

As for dispatcher, one more clarification: trasport=tls in attrs has
nothing to do with the destination address, so that has to be in the
value of the destination field, as Karsten gave in his example.

And, as general note: better do not use sips at all, it can mess up some
nodes in the path, if you are not sure about the need of sips -- just do
uri;trasport=tls.

Cheers,
Daniel

>
> Here an example for flatfile dispatcher.list (need corrected values). 
>
> The socket line must match an listen directive in your Kamailio.cfg. 
>
>
> root@sbc1:~# cat /etc/kamailio/dispatcher.list
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:sip.pstnhub.microsoft.com
> ;transport=tls 0 3
> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>
> Cheers 
> Karsten 
>
> sthustfo mailto:sthus...@gmail.com>> schrieb am
> Mi., 6. Nov. 2019, 20:32:
>
> I have a basic setup where kamailio receives SIP over websocket
> (no WSS) and forwards to SIP server over TLS. I have enabled TLS
> in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061
> and transport=tls.
>
> 
> ++---++---+--+---++
> | id | setid | destination            | flags | priority | attrs  
>       | description    |
> 
> ++---++---+--+---++
> |  4 |     1 | sips:10.0.0.100:5061  |    
> 0 |        0 | transport=tls | SIP SERVER |
> 
> ++---++---+--+---++
>
> Now when REGISTER is received over websocket, kamailio is
> responding with error code 500 and phrase "500 I'm terribly sorry,
> server error occurred (7/SL)". And on the console I see the
> following error messages.
>
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
> f1ecf7bcb659b07fe81e332e100044e5
> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [ut.h:315]: uri2dst2(): no corresponding socket found for
> "10.0.0.100" af 2 (tls:10.0.0.100:5061 )
> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
> corresponding listening socket)
> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg]
> l=587 a=24 n=sl_reply_error
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
> hsvmphm3ps12.invalid, 0)
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv}
> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>
> *tls.cfg contents*
> [client:default]
> method = TLSv1
> verify_certificate = yes
> require_certificate = yes
> private_key = /home/test/kamailio/internal.key
> certificate = /home/test/kamailio/internal.crt
> ca_list = /home/test/kamailio/ca_list.pem
>
> Any reason why this error is seen? Any inputs appreciated.
>
> Thanks.
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org 
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - April 27-29, 2020, in Berlin -- 
www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/ma

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-06 Thread Karsten Horsmann 
Hi David,

with the socket param in dispatcher, the module did that already.

Cheers
Karsten

David Villasmil  schrieb am Mi., 6. Nov.
2019, 23:14:

> I believe you also need to use a force send socket
>
> On Wed, 6 Nov 2019 at 19:48, Karsten Horsmann  wrote:
>
>> Hi,
>>
>> the sips Uri schemata is not used for tls with dispatcher.
>>
>> Here an example for flatfile dispatcher.list (need corrected values).
>>
>> The socket line must match an listen directive in your Kamailio.cfg.
>>
>>
>> root@sbc1:~# cat /etc/kamailio/dispatcher.list
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>>
>> Cheers
>> Karsten
>>
>> sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:
>>
>>> I have a basic setup where kamailio receives SIP over websocket (no WSS)
>>> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and
>>> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
>>>
>>>
>>> ++---++---+--+---++
>>> | id | setid | destination| flags | priority | attrs
>>> | description|
>>>
>>> ++---++---+--+---++
>>> |  4 | 1 | sips:10.0.0.100:5061 | 0 |0 | transport=tls
>>> | SIP SERVER |
>>>
>>> ++---++---+--+---++
>>>
>>> Now when REGISTER is received over websocket, kamailio is responding
>>> with error code 500 and phrase "500 I'm terribly sorry, server error
>>> occurred (7/SL)". And on the console I see the following error messages.
>>>
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>>> f1ecf7bcb659b07fe81e332e100044e5
>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]:
>>> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:
>>> 10.0.0.100:5061)
>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>>> corresponding listening socket)
>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>>> n=sl_reply_error
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>>> hsvmphm3ps12.invalid, 0)
>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
>>> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>>
>>> *tls.cfg contents*
>>> [client:default]
>>> method = TLSv1
>>> verify_certificate = yes
>>> require_certificate = yes
>>> private_key = /home/test/kamailio/internal.key
>>> certificate = /home/test/kamailio/internal.crt
>>> ca_list = /home/test/kamailio/ca_list.pem
>>>
>>> Any reason why this error is seen? Any inputs appreciated.
>>>
>>> Thanks.
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.w...@gmail.com
> phone: +34669448337
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-06 Thread David Villasmil 
I believe you also need to use a force send socket

On Wed, 6 Nov 2019 at 19:48, Karsten Horsmann  wrote:

> Hi,
>
> the sips Uri schemata is not used for tls with dispatcher.
>
> Here an example for flatfile dispatcher.list (need corrected values).
>
> The socket line must match an listen directive in your Kamailio.cfg.
>
>
> root@sbc1:~# cat /etc/kamailio/dispatcher.list
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>
> Cheers
> Karsten
>
> sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:
>
>> I have a basic setup where kamailio receives SIP over websocket (no WSS)
>> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and
>> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
>>
>>
>> ++---++---+--+---++
>> | id | setid | destination| flags | priority | attrs
>> | description|
>>
>> ++---++---+--+---++
>> |  4 | 1 | sips:10.0.0.100:5061 | 0 |0 | transport=tls |
>> SIP SERVER |
>>
>> ++---++---+--+---++
>>
>> Now when REGISTER is received over websocket, kamailio is responding with
>> error code 500 and phrase "500 I'm terribly sorry, server error occurred
>> (7/SL)". And on the console I see the following error messages.
>>
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>> f1ecf7bcb659b07fe81e332e100044e5
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]:
>> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:
>> 10.0.0.100:5061)
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>> corresponding listening socket)
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>> n=sl_reply_error
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>> hsvmphm3ps12.invalid, 0)
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
>> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>
>> *tls.cfg contents*
>> [client:default]
>> method = TLSv1
>> verify_certificate = yes
>> require_certificate = yes
>> private_key = /home/test/kamailio/internal.key
>> certificate = /home/test/kamailio/internal.crt
>> ca_list = /home/test/kamailio/ca_list.pem
>>
>> Any reason why this error is seen? Any inputs appreciated.
>>
>> Thanks.
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-- 
Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] dispatch REGISTER over TLS

2019-11-06 Thread Karsten Horsmann 
Hi,

the sips Uri schemata is not used for tls with dispatcher.

Here an example for flatfile dispatcher.list (need corrected values).

The socket line must match an listen directive in your Kamailio.cfg.


root@sbc1:~# cat /etc/kamailio/dispatcher.list
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain

Cheers
Karsten

sthustfo  schrieb am Mi., 6. Nov. 2019, 20:32:

> I have a basic setup where kamailio receives SIP over websocket (no WSS)
> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and
> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
>
>
> ++---++---+--+---++
> | id | setid | destination| flags | priority | attrs |
> description|
>
> ++---++---+--+---++
> |  4 | 1 | sips:10.0.0.100:5061 | 0 |0 | transport=tls |
> SIP SERVER |
>
> ++---++---+--+---++
>
> Now when REGISTER is received over websocket, kamailio is responding with
> error code 500 and phrase "500 I'm terribly sorry, server error occurred
> (7/SL)". And on the console I see the following error messages.
>
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
> f1ecf7bcb659b07fe81e332e100044e5
> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]:
> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:
> 10.0.0.100:5061)
> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
> corresponding listening socket)
> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
> n=sl_reply_error
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} 
> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
> hsvmphm3ps12.invalid, 0)
> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>
> *tls.cfg contents*
> [client:default]
> method = TLSv1
> verify_certificate = yes
> require_certificate = yes
> private_key = /home/test/kamailio/internal.key
> certificate = /home/test/kamailio/internal.crt
> ca_list = /home/test/kamailio/ca_list.pem
>
> Any reason why this error is seen? Any inputs appreciated.
>
> Thanks.
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users