Hi Karsten, David, Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14 Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything? 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil) Is there any way to understand what's happening? I do not see any other error lin logs. Thanks. On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <[email protected]> wrote: > Hello, > On 06.11.19 20:46, Karsten Horsmann wrote: > > Hi, > > the sips Uri schemata is not used for tls with dispatcher. > > jumping in to clarify a bit about sips protocol schema. It doesn't imply > TLS as one may think HTTPS does it for HTTP. The sips is mandating that the > traffic goes over secure links, which can be IPSec/VPN or even just private > network, so it is ok using UDP or TCP when sips is present. > > In SIP, if TLS is wanted, then transport=tls has to be added to the URI. > > As for dispatcher, one more clarification: trasport=tls in attrs has > nothing to do with the destination address, so that has to be in the value > of the destination field, as Karsten gave in his example. > > And, as general note: better do not use sips at all, it can mess up some > nodes in the path, if you are not sure about the need of sips -- just do > uri;trasport=tls. > > Cheers, > Daniel > > > Here an example for flatfile dispatcher.list (need corrected values). > > The socket line must match an listen directive in your Kamailio.cfg. > > > root@sbc1:~# cat /etc/kamailio/dispatcher.list > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 > socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain > > Cheers > Karsten > > sthustfo <[email protected]> schrieb am Mi., 6. Nov. 2019, 20:32: > >> I have a basic setup where kamailio receives SIP over websocket (no WSS) >> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and >> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls. >> >> >> +----+-------+------------------------+-------+----------+---------------+----------------+ >> | id | setid | destination | flags | priority | attrs >> | description | >> >> +----+-------+------------------------+-------+----------+---------------+----------------+ >> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | >> SIP SERVER | >> >> +----+-------+------------------------+-------+----------+---------------+----------------+ >> >> Now when REGISTER is received over websocket, kamailio is responding with >> error code 500 and phrase "500 I'm terribly sorry, server error occurred >> (7/SL)". And on the console I see the following error messages. >> >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >> f1ecf7bcb659b07fe81e332e100044e5 >> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: >> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: >> 10.0.0.100:5061) >> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >> corresponding listening socket) >> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >> n=sl_reply_error >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >> hsvmphm3ps12.invalid, 0) >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket >> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >> >> *tls.cfg contents* >> [client:default] >> method = TLSv1 >> verify_certificate = yes >> require_certificate = yes >> private_key = /home/test/kamailio/internal.key >> certificate = /home/test/kamailio/internal.crt >> ca_list = /home/test/kamailio/ca_list.pem >> >> Any reason why this error is seen? Any inputs appreciated. >> >> Thanks. >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> [email protected] >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > > _______________________________________________ > Kamailio (SER) - Users Mailing > [email protected]https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- > www.linkedin.com/in/miconda > Kamailio World Conference - April 27-29, 2020, in Berlin -- > www.kamailioworld.com > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
