Hi Guys,

I have an issue with sending a BYE message back down a strongswan VPN tunnel on 
a server in the Amazon EC2 environment.

To get the configuration working correctly I have the Public IP address bound 
to a loopback virtual interface, and I also have kamailio listening to it.


Calls establish without issue, but when the called party send a BYE, I cant 
seem to force the SIP message down the correct interface.

Due to client confidentiality I need to be careful what information I send but 
does anyone have a similar configuration set up, and working, I am just looking 
for reasons as to why force_socket and mhomed=1 doesnt appear to force the BYE 
message via the Public Interface but the private IP address on the server as 
its a NAT'd environment.

So essentially call establishes;


CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC 
IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B
   |                                    |      |          |
   |<---------(VIA IPSEC)-100 TRYING----|<----------100 
TRYING---------------|<----------100 TRYING----------------------------|
   |         |              |                                           |
   |<---------(VIA IPSEC)-180 RINGING---|<----------180 
RINGING--------------|<----------180 RINGING---------------------------|
   |                                    |                                    |  
                |
   |<---------(VIA IPSEC)-200OK --------|<----------200OK 
-------------------|<----------200OK --------------------------------|
   | |                                    |                                     
      |
   |----------(VIA IPSEC)-ACk---------> 
|-----------ACk--------------------->|-----------ACk---------------------------------->|


   How can I ensure the BYE is forced out via the PUBLIC IP?

So I do this;
   CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC 
IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B

   |<---------BYE (VIA IPSEC)----------------------|<----------BYE 
----------------------------|<----------BYE -------------------|

   As it appears to be going from Private IP and not being pushed down the 
IPSEC tunnel

   CLIENT---------(VIA IPSEC)-INVITE----->KAMAILIO PUBLIC IP-------->KAMAILIO 
PRIVATE IP------------------------->CLIENT B

   |<---------BYE ----------------------<----------BYE 
----------------------------|<----------BYE -------------------|


   on the BYE I have tried;

   force_send_socket(KAMAILIO PUBLIC IP);

   However doesnt appear to work, is this an issue for ip routing on the server 
to push the BYE correctly down the IPSEC tunnel? or is it configuration related?

   Any comments welcome if people have had this issue before.


   Many thanks

   Jon


_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to