Suggest reading Fred's article about configuring Kamailio with Letsencrypt https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/
On Fri, Apr 17, 2020 at 3:00 AM sip user <[email protected]> wrote:

> Hi Sergiu..
>
> I've made many tests and many changes...
>
> In tls.cfg I have this:
>
> [server:default]
> method = TLSv1.2
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/letsencrypt/ssl/cert.key
> certificate = /etc/letsencrypt/ssl/cert.crt
> ca_list = /etc/letsencrypt/ssl/ca.crt
>
> [client:default]
> method = TLSv1.2
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/letsencrypt/ssl/cert.key
> certificate = /etc/letsencrypt/ssl/cert.crt
> ca_list = /etc/letsencrypt/ssl/ca.crt
>
> But when I run kamcmd tls.list I get no response.. It does not show me anything.
>
> Problem with the certificate??
>
> Thanks
>
> On Thu, Apr 16, 2020 at 20:31, Sergiu Pojoga (<[email protected]>) wrote:
>
>> Hi SIP User/anonymous/one-time-visitor/,
>>
>> Your TLS config isn't correct. The article clearly says
>> verify/require_certificate must be set to 'yes'
>>
>> *kamcmd tls.list*
>> Does it show any 'established' connections with MS proxy?
>>
>> Good luck,
>>
>> --Sergiu
>>
>> On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas <[email protected]> wrote:
>>
>>> The tutorial is pretty clear:
>>> You need to add the Contact header only for OPTIONS pings.
>>> You need to use the proper Record-Route headers based on the direction
>>> of the call.
>>> There's no out of the box solution because each setup is different.
>>>
>>> If you understand how loose routing works in SIP, then you know how to
>>> adjust the config to use record_route_preset(), just as explained in
>>> the tutorial. There is also an example of an INVITE that has the right
>>> Record-Route headers in the tutorial.
>>>
>>> You can choose to use the FQDN for the Record-Route header facing MS
>>> and the IP for the Record-Route header facing the carrier or use the
>>> FQDN for both Record-Route headers (just like in the tutorial example).
>>> Alternatively, one can try to advertise the FQDN in the listen
>>> directive in the config and then the Record-Route headers should be
>>> populated automatically.
>>>
>>> Regards,
>>> Ovidiu Sas
>>>
>>> On Thu, Apr 16, 2020 at 10:50 AM sip user <[email protected]> wrote:
>>> >
>>> > Hi Nasida.. Thanks for answering me...
>>> >
>>> > I've activated the debugger module, and I see the same:
>>> >
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
>>> >
>>> > I don't see any difference.
>>> >
>>> > I know that the module is loaded because I see:
>>> >
>>> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
>>> >
>>> > When I restart Kamailio, but when I "launch" a call from Teams to my
>>> > Kamailio I only see that.
>>> >
>>> > To configure it, I followed
>>> > https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it
>>> > work..
>>> >
>>> > Is there anything more that I can test or do??
>>> >
>>> > Thanks
>>> >
>>> > On Thu, Apr 16, 2020 at 14:20, Nasida Yuriy (<[email protected]>) wrote:
>>> >>
>>> >> Wow, so many people want to configure Kamailio with MS. First of all
>>> >> I think you need to get SIP debug between Kamailio and MS. Kamailio has
>>> >> a module to save SIP traces. This way you will get SIP debug decrypted.
>>> >>
>>> >>
>>> >> ________________________________
>>> >> From: sr-users <[email protected]> on behalf of sip user <[email protected]>
>>> >> Sent: April 16, 2020 10:19
>>> >> To: [email protected] <[email protected]>
>>> >> Subject: [SR-Users] Kamailio like SBC with Teams
>>> >>
>>> >> Hello good morning ... I am new to this list and I was starting to
>>> >> mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
>>> >>
>>> >> But I can't get it to work for me.
>>> >> If I launch a call from the Teams, in the Kamailio I see:
>>> >>
>>> >> 1.- In syslog:
>>> >>
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
>>> >>
>>> >> 2.- With TCPDUMP:
>>> >>
>>> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
>>> >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
>>> >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0
>>> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186
>>> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0
>>> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468
>>> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0
>>> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
>>> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
>>> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0
>>> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186
>>> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0
>>> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468
>>> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0
>>> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0
>>> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0
>>> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0
>>> >>
>>> >> I can't "receive" anything.
>>> >>
>>> >> I have generated the certificates and configured in the tls.cfg of
>>> >> the Kamailio:
>>> >>
>>> >> [server:default]
>>> >> method = TLSv1.2
>>> >> verify_certificate = no
>>> >> require_certificate = no
>>> >> private_key = /etc/letsencrypt/ssl/cert.key
>>> >> certificate = /etc/letsencrypt/ssl/cert.crt
>>> >> ca_list = /etc/letsencrypt/ssl/ca.crt
>>> >>
>>> >> Within Kamailio itself I have it configured to return a 200 KeepAlive
>>> >> to Teams when it receives an OPTIONS:
>>> >>
>>> >> event_route[tm:local-request] {
>>> >>
>>> >>     if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
>>> >>         append_hf("Contact: <sip:SBC_DNS:5061;transport=tls>\r\n");
>>> >>     }
>>> >>     xlog("L_INFO", "Sent out tm request: $mb\n");
>>> >> }
>>> >>
>>> >> And I have measured the record_route for this new one:
>>> >>
>>> >> record_route_preset("SBC_DNS:5061;transport=tls", "SBC_IP:5061");
>>> >>
>>> >> I have created a dispatcher.list:
>>> >>
>>> >> # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional)
>>> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:SBC_IP:5061;ping_from=sip:SBC_DNS
>>> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:SBC_IP:5061;ping_from=sip:SBC_DNS
>>> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:SBC_IP:5061;ping_from=sip:SBC_DNS
>>> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:SBC_IP:5061;ping_from=sip:SBC_DNS
>>> >>
>>> >> I think that one of the problems is that I do not send the OPTIONS to
>>> >> the Teams well, since it is on their panel, it indicates that the SBC is
>>> >> INACTIVE.
>>> >>
>>> >> I don't know if you could help me straighten this out a bit ...
>>> >>
>>> >> Thank you so much for everything..
>>> >>
>>> >> a greeting
>>> >> _______________________________________________
>>> >> Kamailio (SER) - Users Mailing List
>>> >> [email protected]
>>> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>> --
>>> VoIP Embedded, Inc.
>>> http://www.voipembedded.com
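Added example (not part of the thread, and not Kamailio's own code): a small linter for the tls.cfg domains quoted above. It flags the first post's `verify_certificate = no` / `require_certificate = no` server domain, which Sergiu's reply calls out, and passes the revised server and client domains. The TLS-version policy and the `exists` hook are assumptions of this example.

```python
import configparser

ALLOWED_METHODS = ("tlsv1.2", "tlsv1.3")  # assumed policy for this example
PATH_KEYS = ("private_key", "certificate", "ca_list")

def domain_block(role, flag):
    """Rebuild one tls.cfg domain as quoted in the thread (flag: yes/no)."""
    return (
        f"[{role}:default]\n"
        "method = TLSv1.2\n"
        f"verify_certificate = {flag}\n"
        f"require_certificate = {flag}\n"
        "private_key = /etc/letsencrypt/ssl/cert.key\n"
        "certificate = /etc/letsencrypt/ssl/cert.crt\n"
        "ca_list = /etc/letsencrypt/ssl/ca.crt\n\n"
    )

ORIGINAL_CFG = domain_block("server", "no")  # config from the first post
REVISED_CFG = domain_block("server", "yes") + domain_block("client", "yes")

def lint_tls_cfg(text, exists=None):
    """Return (section, finding) tuples; exists(path) is this example's optional file check."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section.split(":", 1)[0] not in ("server", "client"):
            continue
        dom = cp[section]
        enabled = {}
        for key in ("verify_certificate", "require_certificate"):
            # Only the yes/no spelling used in the thread is recognised here.
            enabled[key] = dom.get(key, "no").strip().lower() == "yes"
            if not enabled[key]:
                findings.append((section, f"{key} is not enabled"))
        if enabled["verify_certificate"] and not dom.get("ca_list"):
            findings.append((section, "verification enabled without ca_list"))
        method = dom.get("method", "").strip().lower()
        if not method.startswith(ALLOWED_METHODS):
            findings.append((section, f"method '{method}' outside policy"))
        for key in PATH_KEYS:
            path = dom.get(key)
            if path and exists is not None and not exists(path):
                findings.append((section, f"{key} file missing: {path}"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL_CFG), ("revised", REVISED_CFG)):
        print(name, lint_tls_cfg(cfg) or "no findings")
```

On the SBC itself, pass `exists=os.path.exists` so that the three certificate paths are checked as well.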
