>From what you paste, 8080 is not TLS On Sat, 9 Nov 2019 at 23:29, sthustfo <[email protected]> wrote:
> Kamailio listening on WS only as seen from below log snippet. As I > mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards > the SIP server. > > 0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): > SCTP API not enabled - if you want to use it, load sctp module > Listening on > tcp: 10.0.0.14 [10.0.0.14]:8080 > Aliases: > *: test.example.com:* > > And here is the relevant portion from config file. > listen=tcp:10.0.0.14:8080 > > With the above, I modified dispatcher.list as below > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 > ;ping_from=sip:10.0.0.14 > > With the above change, I see following in the logs > > 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): > protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061) > 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found > for "10.0.0.100" af 2 (tls:10.0.0.100:5061) > 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found > 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to > ping [sip:10.0.0.100:5061;transport=tls] > 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): > protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061) > > But not attempts to connect to the SIP server. > > On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < > [email protected]> wrote: > >> Please paste the “listen” parameters from the config. >> >> On Sat, 9 Nov 2019 at 18:04, David Villasmil < >> [email protected]> wrote: >> >>> Is kamailio listening in that socket? >>> >>> On Sat, 9 Nov 2019 at 17:34, sthustfo <[email protected]> wrote: >>> >>>> Thanks Karsten. Instead of SIP server, I ran a simple socket listener >>>> program to see if dispatcher is attempting to connect to it or not. But it >>>> did not receive any client connection attempts. So after looking at the >>>> logs, I found below log statements. Any idea why this might have happened? >>>> >>>> 0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local >>>> socket <tls:10.0.0.14:5061> >>>> 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable >>>> to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- >>>> skipping >>>> >>>> dispatcher.list file pasted below contains the address. Why would this >>>> be an error? >>>> >>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>> priority(int,opt), attrs (str,optional) >>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; >>>> ping_from=sip:10.0.0.14 >>>> >>>> >>>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> I guess the dispatcher is not able to get an 200 okay from your >>>>> upstream tls / sipserver. And so the dispatcher did his job. Find no >>>>> active >>>>> dispatcher targets, then told you that. >>>>> >>>>> You find more about the dispatcher state with kamctl dispatcher dump >>>>> or kamcmd dispatcher.list >>>>> >>>>> And read the module docu of dispatcher, they explain you the states of >>>>> the commands above. >>>>> >>>>> Hints here: >>>>> >>>>> Reading dispatcher docu, understand the states, read tls (maybe that's >>>>> your root cause). >>>>> >>>>> >>>>> Cheers >>>>> Karsten >>>>> >>>>> sthustfo <[email protected]> schrieb am Sa., 9. Nov. 2019, 14:56: >>>>> >>>>>> Thanks David. You are right, ds_select_dst() is failing and error log >>>>>> is shown. >>>>>> >>>>>> 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher >>>>>> [dispatch.c:2032]: ds_manage_routes(): no destination sets >>>>>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >>>>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 >>>>>> a=25 >>>>>> n=xdbg >>>>>> 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: >>>>>> --- DISPATCH: Dispatcher could not find any destination >>>>>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >>>>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 >>>>>> a=26 >>>>>> n=send_reply >>>>>> >>>>>> Here is the config around ds_select_dst() >>>>>> >>>>>> # Dispatch requests >>>>>> route[DISPATCH] { >>>>>> # round robin dispatching on gateways group '1' >>>>>> if(!ds_select_dst("1007", "4")) { >>>>>> xdbg("--- DISPATCH: Dispatcher could not find any >>>>>> destination\n"); >>>>>> send_reply("404", "No destination"); >>>>>> exit; >>>>>> } >>>>>> t_on_failure("RTF_DISPATCH"); >>>>>> route(RELAY); >>>>>> exit; >>>>>> } >>>>>> >>>>>> Is there any way to see the logs for communication that happens with >>>>>> the destination? As you said, that also could be one of points of >>>>>> failure. >>>>>> >>>>>> BTW, I have set following config for pinging destination. >>>>>> >>>>>> modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") >>>>>> #modparam("dispatcher", "db_url", DBURL) #Use >>>>>> DBURL variable for database parameters >>>>>> modparam("dispatcher", "ds_ping_interval", 10) #How often to >>>>>> ping destinations to check status >>>>>> modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP >>>>>> Options ping >>>>>> modparam("dispatcher", "ds_probing_threshold", 10) #How many >>>>>> failed pings in a row do we need before we consider it down >>>>>> modparam("dispatcher", "ds_inactive_threshold", 10) #How many >>>>>> sucessful pings in a row do we need before considering it up >>>>>> modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables >>>>>> stats on latency >>>>>> modparam("dispatcher", "ds_probing_mode", 1) #Keeps >>>>>> pinging gateways when state is known (to detect change in state) >>>>>> >>>>>> Best Regards. >>>>>> >>>>>> On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Please post the config around the ds_select >>>>>>> >>>>>>> What that’s saying is basically it could not find a destination for >>>>>>> the set you are asking for. >>>>>>> >>>>>>> Either because the setid you provide with the function doesn’t >>>>>>> exist, or the destination is not responding to the pings. >>>>>>> >>>>>>> >>>>>>> On Sat, 9 Nov 2019 at 10:33, sthustfo <[email protected]> wrote: >>>>>>> >>>>>>>> Thanks Karsten. The setup consists of client connecting to kamailio >>>>>>>> over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server >>>>>>>> (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch >>>>>>>> list >>>>>>>> as below >>>>>>>> >>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>>>>> priority(int,opt), attrs (str,optional) >>>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>>>>> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14 >>>>>>>> >>>>>>>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No >>>>>>>> destination". And in the logs, I see following statement. >>>>>>>> >>>>>>>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no >>>>>>>> destination sets >>>>>>>> >>>>>>>> What does this mean? Is kamailio not able to talk to SIP server for >>>>>>>> some reason? >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> Your config line for the dispatcher makes no sense for me. >>>>>>>>> >>>>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >>>>>>>>> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>>>>> >>>>>>>>> >>>>>>>>> Means setid 1007 (like an group to arrange multiple targets) okay. >>>>>>>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >>>>>>>>> Uri. Where your calls are placed when you call the dispatcher >>>>>>>>> function with >>>>>>>>> setid 1007. >>>>>>>>> >>>>>>>>> In combination with socket=10.0.0.100:5061 (that indicates your >>>>>>>>> Kamailio socket, the proxy ip) >>>>>>>>> That you talking with yourself. >>>>>>>>> >>>>>>>>> You should read the module documentations for dispatcher and tls. >>>>>>>>> >>>>>>>>> Or describe your ip setup and your config a bit more. >>>>>>>>> >>>>>>>>> Cheers >>>>>>>>> Karsten >>>>>>>>> >>>>>>>>> sthustfo <[email protected]> schrieb am Fr., 8. Nov. 2019, 17:41: >>>>>>>>> >>>>>>>>>> Hi Karsten, David, >>>>>>>>>> >>>>>>>>>> Thanks for your pointers. Earlier I was using mysql backend where >>>>>>>>>> the dispatch list was stored. Now following your suggestions, I have >>>>>>>>>> switched to dispatcher list in a file >>>>>>>>>> (/etc/kamailio/dispatcher.list) and >>>>>>>>>> put in the following >>>>>>>>>> >>>>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>>>>>>> priority(int,opt), attrs (str,optional) >>>>>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>>>>>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>>>>>> >>>>>>>>>> Even with this, when HTTP request in, the same is upgraded to WS >>>>>>>>>> connection. But this gets closed after couple of seconds. Does the >>>>>>>>>> below >>>>>>>>>> log indicate anything? >>>>>>>>>> >>>>>>>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>>>>>>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>>>>>>>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): >>>>>>>>>> destroying list (nil) >>>>>>>>>> >>>>>>>>>> Is there any way to understand what's happening? I do not see any >>>>>>>>>> other error lin logs. >>>>>>>>>> >>>>>>>>>> Thanks. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> the sips Uri schemata is not used for tls with dispatcher. >>>>>>>>>>> >>>>>>>>>>> jumping in to clarify a bit about sips protocol schema. It >>>>>>>>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips >>>>>>>>>>> is >>>>>>>>>>> mandating that the traffic goes over secure links, which can be >>>>>>>>>>> IPSec/VPN >>>>>>>>>>> or even just private network, so it is ok using UDP or TCP when >>>>>>>>>>> sips is >>>>>>>>>>> present. >>>>>>>>>>> >>>>>>>>>>> In SIP, if TLS is wanted, then transport=tls has to be added to >>>>>>>>>>> the URI. >>>>>>>>>>> >>>>>>>>>>> As for dispatcher, one more clarification: trasport=tls in attrs >>>>>>>>>>> has nothing to do with the destination address, so that has to be >>>>>>>>>>> in the >>>>>>>>>>> value of the destination field, as Karsten gave in his example. >>>>>>>>>>> >>>>>>>>>>> And, as general note: better do not use sips at all, it can mess >>>>>>>>>>> up some nodes in the path, if you are not sure about the need of >>>>>>>>>>> sips -- >>>>>>>>>>> just do uri;trasport=tls. >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> Daniel >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Here an example for flatfile dispatcher.list (need corrected >>>>>>>>>>> values). >>>>>>>>>>> >>>>>>>>>>> The socket line must match an listen directive in your >>>>>>>>>>> Kamailio.cfg. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>>>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>>>>>>>> priority(int,opt), attrs (str,optional) >>>>>>>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>>>>>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>>>>>>>>> >>>>>>>>>>> Cheers >>>>>>>>>>> Karsten >>>>>>>>>>> >>>>>>>>>>> sthustfo <[email protected]> schrieb am Mi., 6. Nov. 2019, >>>>>>>>>>> 20:32: >>>>>>>>>>> >>>>>>>>>>>> I have a basic setup where kamailio receives SIP over websocket >>>>>>>>>>>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in >>>>>>>>>>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>>>>>>>>> transport=tls. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>>>>> | id | setid | destination | flags | priority | >>>>>>>>>>>> attrs | description | >>>>>>>>>>>> >>>>>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>>>>>>>>> transport=tls | SIP SERVER | >>>>>>>>>>>> >>>>>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>>>>> >>>>>>>>>>>> Now when REGISTER is received over websocket, kamailio is >>>>>>>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, >>>>>>>>>>>> server >>>>>>>>>>>> error occurred (7/SL)". And on the console I see the following >>>>>>>>>>>> error >>>>>>>>>>>> messages. >>>>>>>>>>>> >>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>>>>>>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for >>>>>>>>>>>> "10.0.0.100" af 2 >>>>>>>>>>>> (tls:10.0.0.100:5061) >>>>>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>>>>>>>>> corresponding listening socket) >>>>>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 >>>>>>>>>>>> (-7) >>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>>>>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>>>>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] >>>>>>>>>>>> l=587 a=24 >>>>>>>>>>>> n=sl_reply_error >>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>>>>> <core> [core/msg_translator.c:162]: check_via_address(): >>>>>>>>>>>> (10.0.0.14, >>>>>>>>>>>> hsvmphm3ps12.invalid, 0) >>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>>>>>>>>> >>>>>>>>>>>> *tls.cfg contents* >>>>>>>>>>>> [client:default] >>>>>>>>>>>> method = TLSv1 >>>>>>>>>>>> verify_certificate = yes >>>>>>>>>>>> require_certificate = yes >>>>>>>>>>>> private_key = /home/test/kamailio/internal.key >>>>>>>>>>>> certificate = /home/test/kamailio/internal.crt >>>>>>>>>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>>>>>>>>> >>>>>>>>>>>> Any reason why this error is seen? Any inputs appreciated. >>>>>>>>>>>> >>>>>>>>>>>> Thanks. >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Kamailio (SER) - Users Mailing >>>>>>>>>>> [email protected]https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda >>>>>>>>>>> -- www.linkedin.com/in/miconda >>>>>>>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- >>>>>>>>>>> www.kamailioworld.com >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>>>>> [email protected] >>>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>>>> [email protected] >>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>>> [email protected] >>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>> [email protected] >>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> >>>>>>> David Villasmil >>>>>>> email: [email protected] >>>>>>> phone: +34669448337 >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing List >>>>>>> [email protected] >>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> [email protected] >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> [email protected] >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> [email protected] >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> -- >>> Regards, >>> >>> David Villasmil >>> email: [email protected] >>> phone: +34669448337 >>> >> -- >> Regards, >> >> David Villasmil >> email: [email protected] >> phone: +34669448337 >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> [email protected] >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > -- Regards, David Villasmil email: [email protected] phone: +34669448337
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
