Re: [SR-Users] Kamailio like SBC with Teams

Thu, 16 Apr 2020 11:33:14 -0700 

Hi SIP User/anonymous/one-time-visitor/,

Your TLS config isn't correct. The article clearly says
verify/require_certificate must be set to 'yes'

*kamcmd tls.list*
Does it show any 'established' connections with MS proxy?

Good luck,

--Sergiu

On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas <[email protected]> wrote:

> The tutorial is pretty clear:
> You need to add the Contact header only for OPTIONS pings.
> You need to use the proper Record-Route headers based on the direction
> of the call.
> There's no out of the box solution because each setup is different.
>
> If you understand how loose routing works in SIP, then you know how to
> adjust the config to use record_route_preset(), just as explained in
> the tutorial. There is also an example of an INVITE that has the right
> Record-Route headers in the tutorial.
>
> You can choose to use the FQDN for the Record-Route header facing MS
> and the IP for the Record-Route header facing the carrier or use the
> FQDN for both Record-Route headers (just like in the tutorialexample).
> Alternatively, one can try to advertise the FQDN in the listen
> directive in the config and then the Record-Route headers should be
> populated automatically.
>
> Regards,
> Ovidiu Sas
>
> On Thu, Apr 16, 2020 at 10:50 AM sip user <[email protected]> wrote:
> >
> > Hi Nasida.. Thanks for answerd to me...
> >
> > I've activarted the debugger module, and I see the same:
> >
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2,
> 0x7f90f2438f80), fd_no=17
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0)
> fd_no=18 called
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for
> activity on [tls:SBC_IP:5061], 0x7f90f2438f80
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c=
> 0x7f90f2438f80 n=1468 fd=9
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2,
> 0x7f90f2438f80), fd_no=1
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10)
> fd_no=2 called
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state
> -1, fd=9, id=30
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1435]: release_tcpconn():  extra_data 0x7f90f2432b40
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response=
> 7f90f2438f80, -1 from 1
> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
> >
> > I don't see any different.
> >
> > I know that the module is loaded because I see:
> >
> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
> >
> > When I restart kamailio, but when I "launch" a call from Teams to my
> Kamailio I only see that.
> >
> > To configure it, I follow https://skalatan.de/en/blog/kamailio-sbc-teams..
> But I cannot make it works..
> >
> > Any more thing that i can test or do??
> >
> > Thanks
> >
> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (<[email protected]>)
> escribió:
> >>
> >> Wow, so many people want to configure kamailio with MS. First of all i
> think you need to get sip debug  between kamailio and MS. Kamilio has
> module to save sip traces. This way you will get sip debug decrypted.
> >>
> >>
> >> ________________________________
> >> От: sr-users <[email protected]> от имени sip user <
> [email protected]>
> >> Отправлено: 16 апреля 2020 г. 10:19
> >> Кому: [email protected] <[email protected]>
> >> Тема: [SR-Users] Kamailio like SBC with Teams
> >>
> >> Hello good morning ... I am new to this list and I was starting to mess
> with Kamailio, mainly to set it up as SBC against Teams, in this case.
> >>
> >> But I can't get it to work for me. If I launch a call from the Teams,
> in the Kamailio I see:
> >>
> >> 1.- In syslog:
> >>
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2,
> 0x7f90f2438f80), fd_no=17
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0)
> fd_no=18 called
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for
> activity on [tls:SBC_IP:5061], 0x7f90f2438f80
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c=
> 0x7f90f2438f80 n=1468 fd=9
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2,
> 0x7f90f2438f80), fd_no=1
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10)
> fd_no=2 called
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state
> -1, fd=9, id=30
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
> [tcp_read.c:1435]: release_tcpconn():  extra_data 0x7f90f2432b40
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response=
> 7f90f2438f80, -1 from 1
> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
> >>
> >> 2.- With TCPDUMP:
> >>
> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
> 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK],
> length 0
> >> 11:13:09.311898 IP  SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.],
> seq 812357247, ack 261244615, win 29200, options [mss
> 1460,nop,nop,sackOK,nop,wscale 7], length 0
> >> 11:13:09.340358 IP 52.114.76.76.1024 >  SBC_IP .eu.sip-tls: Flags [.],
> ack 1, win 2053, length 0
> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.],
> seq 1:187, ack 1, win 2053, length 186
> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.],
> ack 187, win 237, length 0
> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.],
> seq 1:1469, ack 187, win 237, length 1468
> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
> ack 1469, win 2053, length 0
> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
> seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK],
> length 0
> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.],
> seq 3275066862, ack 309084205, win 29200, options [mss
> 1460,nop,nop,sackOK,nop,wscale 7], length 0
> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
> ack 1, win 2053, length 0
> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.],
> seq 1:187, ack 1, win 2053, length 186
> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
> ack 187, win 237, length 0
> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.],
> seq 1:1469, ack 187, win 237, length 1468
> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
> ack 1469, win 2053, length 0
> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.],
> seq 187, ack 1469, win 2053, length 0
> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.],
> seq 1469, ack 188, win 237, length 0
> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
> ack 1470, win 2053, length 0
> >>
> >> I can't "receive" anything.
> >>
> >> I have generated the certificates and configured in the tls.cfg of the
> Kamailio:
> >>
> >> [server:default]
> >> method = TLSv1.2
> >> verify_certificate = no
> >> require_certificate = no
> >> private_key = /etc/letsencrypt/ssl/cert.key
> >> certificate = /etc/letsencrypt/ssl/cert.crt
> >> ca_list = /etc/letsencrypt/ssl/ca.crt
> >>
> >> Within Kamailio itself I have it configured to return a 200 KeepAlive
> to Teams when it receives an OPTIONS:
> >>
> >> event_route[tm:local-request] {
> >>
> >>         if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
> >>                append_hf("Contact: <sip: SBC_DNS
> :5061;transport=tls>\r\n");
> >>         }
> >>         xlog("L_INFO", "Sent out tm request: $mb\n");
> >> }
> >>
> >> And I have measured the record_route for this new one:
> >>
> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
> >>
> >> I have created a dispatcher.list:
> >>
> >> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP
> :5061;ping_from= sip:SBC_DNS
> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
> SBC_IP :5061;ping_from=sip: SBC_DNS
> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
> SBC_IP :5061;ping_from=sip: SBC_DNS
> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
> SBC_IP :5061;ping_from=sip: SBC_DNS
> >>
> >> I think that one of the problems is that I do not send the OPTIONS to
> the Teams well, since it is on their panel, it indicates that the SBC is
> INACTIVE.
> >>
> >> I don't know if you could help me straighten this out a bit ...
> >>
> >> Thank you so much for everything..
> >>
> >> a greeting
> >> _______________________________________________
> >> Kamailio (SER) - Users Mailing List
> >> [email protected]
> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > [email protected]
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> --
> VoIP Embedded, Inc.
> http://www.voipembedded.com
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> [email protected]
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>

_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to