Check out below thread, it explains it all. https://lists.kamailio.org/pipermail/sr-users/2020-March/108684.html
On Mon, Apr 20, 2020 at 3:24 PM sip user <[email protected]> wrote: > Sorry.. Im a bit loose in this one... > > So, ive use letsencrypy to generate the certificate, and the CA, how i > have to generate? > > Thanks > > El lun., 20 abr. 2020 19:06, Sergiu Pojoga <[email protected]> escribió: > >> ca_list= /etc/letsencrypt/live/FQND/chain.pem >> >> Is that pointing to your Root CA certificate? I highly doubt it. >> That's probably the reason why you get "tls_read_f(): TLS >> write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate >> verify failed" >> >> On Mon, Apr 20, 2020 at 11:53 AM sip user <[email protected]> wrote: >> >>> Hi.. >>> >>> Thank you all very much for answering me. >>> >>> I have made many test: >>> >>> First, I've installed ssl cert with letsencrypt, like >>> https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one >>> i made it before. >>> >>> I've configured tls.cfg like: >>> >>> [server:default] >>> method = TLSv1.2 >>> verify_certificate = yes >>> require_certificate = yes >>> private_key = /etc/letsencrypt/live/FQND/privkey.pem >>> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem >>> ca_list= /etc/letsencrypt/live/FQND/chain.pem >>> >>> [client:default] >>> method = TLSv1.2 >>> verify_certificate = yes >>> require_certificate = yes >>> private_key = /etc/letsencrypt/live/FQND/privkey.pem >>> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem >>> ca_list= /etc/letsencrypt/live/FQND/chain.pem >>> >>> In syslog I received: >>> >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent >>> out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls >>> SIP/2.0#015#012Via: SIP/2.0/TLS >>> SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: >>> <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012From: >>> <sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: >>> 10 OPTIONS#015#012Call-ID: >>> [email protected]#015#012Max-Forwards >>> <http://[email protected]#015%23012Max-Forwards>: >>> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 >>> (x86_64/linux)) >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent >>> out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls >>> SIP/2.0#015#012Via: SIP/2.0/TLS >>> SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: >>> <sip:sip2.pstnhub.microsoft.com;transport=tls>#015#012From: >>> <sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: >>> 10 OPTIONS#015#012Call-ID: >>> [email protected]#015#012Max-Forwards >>> <http://[email protected]#015%23012Max-Forwards>: >>> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 >>> (x86_64/linux)) >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls >>> [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL >>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> >>> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent >>> out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls >>> SIP/2.0#015#012Via: SIP/2.0/TLS >>> SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: >>> <sip:sip3.pstnhub.microsoft.com;transport=tls>#015#012From: >>> <sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: >>> 10 OPTIONS#015#012Call-ID: >>> [email protected]#015#012Max-Forwards >>> <http://[email protected]#015%23012Max-Forwards>: >>> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 >>> (x86_64/linux)) >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls >>> [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL >>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> >>> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls >>> [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL >>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> >>> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading >>> >>> And If I make kamcmd tls.list, I have no response. >>> >>> Test two: >>> >>> If I coonfigure tls.cfg like: >>> >>> [server:default] >>> method = TLSv1.2 >>> verify_certificate = no >>> require_certificate = no >>> private_key = /etc/letsencrypt/live/FQND/privkey.pem >>> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem >>> ca_list= /etc/letsencrypt/live/FQND/chain.pem >>> >>> [client:default] >>> method = TLSv1.2 >>> verify_certificate = no >>> require_certificate = no >>> private_key = /etc/letsencrypt/live/FQND/privkey.pem >>> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem >>> ca_list= /etc/letsencrypt/live/FQND/chain.pem >>> >>> In syslog: >>> >>> Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left >>> promiscuous mode >>> Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent >>> out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls >>> SIP/2.0#015#012Via: SIP/2.0/TLS >>> SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: >>> <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012From: >>> <sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: >>> 10 OPTIONS#015#012Call-ID: >>> [email protected]#015#012Max-Forwards >>> <http://[email protected]#015%23012Max-Forwards>: >>> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 >>> (x86_64/linux)) >>> Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent >>> out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls >>> SIP/2.0#015#012Via: SIP/2.0/TLS >>> SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: >>> <sip:sip2.pstnhub.microsoft.com;transport=tls>#015#012From: >>> <sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: >>> 10 OPTIONS#015#012Call-ID: >>> [email protected]#015#012Max-Forwards >>> <http://[email protected]#015%23012Max-Forwards>: >>> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 >>> (x86_64/linux)) >>> Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent >>> out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls >>> SIP/2.0#015#012Via: SIP/2.0/TLS >>> SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: >>> <sip:sip3.pstnhub.microsoft.com;transport=tls>#015#012From: >>> <sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: >>> 10 OPTIONS#015#012Call-ID: >>> [email protected]#015#012Max-Forwards >>> <http://[email protected]#015%23012Max-Forwards>: >>> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 >>> (x86_64/linux)) >>> >>> And If I make kamcmd tls.list: >>> >>> { >>> id: 1 >>> timeout: 3595 >>> src_ip: 52.114.75.24 >>> src_port: 5061 >>> dst_ip: SBC-IP >>> dst_port: 37531 >>> cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA >>> Enc=AESGCM(256) Mac=AEAD >>> ct_wq_size: 0 >>> enc_rd_buf: 0 >>> flags: 2 >>> state: established >>> } >>> { >>> id: 2 >>> timeout: 3596 >>> src_ip: 52.114.132.46 >>> src_port: 5061 >>> dst_ip: SBC-IP >>> dst_port: 33370 >>> cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA >>> Enc=AESGCM(256) Mac=AEAD >>> ct_wq_size: 0 >>> enc_rd_buf: 0 >>> flags: 2 >>> state: established >>> } >>> { >>> id: 3 >>> timeout: 3596 >>> src_ip: 52.114.7.24 >>> src_port: 5061 >>> dst_ip: SBC-IP >>> dst_port: 48819 >>> cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA >>> Enc=AESGCM(256) Mac=AEAD >>> ct_wq_size: 0 >>> enc_rd_buf: 0 >>> flags: 2 >>> state: established >>> } >>> >>> And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see: >>> >>> URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP >>> URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX >>> URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP >>> >>> But in Teams Direct Routing I always see my SBC with problems, never >>> active. >>> >>> In kamailio.cfg I've configure just before request_route: >>> >>> event_route[tm:local-request] { >>> if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { >>> append_hf("Contact: >>> <sip:SBC-DNS:5061;transport=tls>\r\n"); >>> } >>> xlog("L_INFO", "Sent out tm request: $mb\n"); >>> } >>> >>> I don't know where could be the problem.. >>> >>> Any more else I can test? >>> >>> Thanks for all..!! >>> >>> El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (<[email protected]>) >>> escribió: >>> >>>> Probably. You can get full pcap files using tcpdump and check TLS >>>> handshakes usign wireshark. >>>> Also it is not really need to check cert on the side of kamailio. You >>>> can set (at least for tests) >>>> verify_certificate = no >>>> require_certificate = no >>>> >>>> On Fri, 17 Apr 2020 at 10:02, sip user <[email protected]> wrote: >>>> >>>>> Hi Sergiu.. >>>>> >>>>> I've made many test and many change... >>>>> >>>>> In tls.cfg I have this: >>>>> >>>>> [server:default] >>>>> method = TLSv1.2 >>>>> verify_certificate = yes >>>>> require_certificate = yes >>>>> private_key = /etc/letsencrypt/ssl/cert.key >>>>> certificate = /etc/letsencrypt/ssl/cert.crt >>>>> ca_list = /etc/letsencrypt/ssl/ca.crt >>>>> >>>>> [client:default] >>>>> method = TLSv1.2 >>>>> verify_certificate = yes >>>>> require_certificate = yes >>>>> private_key = /etc/letsencrypt/ssl/cert.key >>>>> certificate = /etc/letsencrypt/ssl/cert.crt >>>>> ca_list = /etc/letsencrypt/ssl/ca.crt >>>>> >>>>> But when I make Kamcmd tls.list I have not response.. Not show me >>>>> anything. >>>>> >>>>> Problem with certificated?? >>>>> >>>>> Thanks >>>>> >>>>> El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (<[email protected]>) >>>>> escribió: >>>>> >>>>>> Hi SIP User/anonymous/one-time-visitor/, >>>>>> >>>>>> Your TLS config isn't correct. The article clearly says >>>>>> verify/require_certificate must be set to 'yes' >>>>>> >>>>>> *kamcmd tls.list* >>>>>> Does it show any 'established' connections with MS proxy? >>>>>> >>>>>> Good luck, >>>>>> >>>>>> --Sergiu >>>>>> >>>>>> On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> The tutorial is pretty clear: >>>>>>> You need to add the Contact header only for OPTIONS pings. >>>>>>> You need to use the proper Record-Route headers based on the >>>>>>> direction >>>>>>> of the call. >>>>>>> There's no out of the box solution because each setup is different. >>>>>>> >>>>>>> If you understand how loose routing works in SIP, then you know how >>>>>>> to >>>>>>> adjust the config to use record_route_preset(), just as explained in >>>>>>> the tutorial. There is also an example of an INVITE that has the >>>>>>> right >>>>>>> Record-Route headers in the tutorial. >>>>>>> >>>>>>> You can choose to use the FQDN for the Record-Route header facing MS >>>>>>> and the IP for the Record-Route header facing the carrier or use the >>>>>>> FQDN for both Record-Route headers (just like in the >>>>>>> tutorialexample). >>>>>>> Alternatively, one can try to advertise the FQDN in the listen >>>>>>> directive in the config and then the Record-Route headers should be >>>>>>> populated automatically. >>>>>>> >>>>>>> Regards, >>>>>>> Ovidiu Sas >>>>>>> >>>>>>> On Thu, Apr 16, 2020 at 10:50 AM sip user <[email protected]> >>>>>>> wrote: >>>>>>> > >>>>>>> > Hi Nasida.. Thanks for answerd to me... >>>>>>> > >>>>>>> > I've activarted the debugger module, and I see the same: >>>>>>> > >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >>>>>>> 52.114.7.24 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >>>>>>> 0x7f90f2438f80), fd_no=17 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, >>>>>>> 0x0) >>>>>>> fd_no=18 called >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >>>>>>> events 1 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >>>>>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>>>>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>>>>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >>>>>>> 0x7f90f2438f80 n=1468 fd=9 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >>>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >>>>>>> 0x7f90f2438f80), fd_no=1 >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >>>>>>> 0x10) >>>>>>> fd_no=2 called >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >>>>>>> state >>>>>>> -1, fd=9, id=30 >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> >>>>>>> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> >>>>>>> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >>>>>>> response= >>>>>>> 7f90f2438f80, -1 from 1 >>>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >>>>>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >>>>>>> > >>>>>>> > I don't see any different. >>>>>>> > >>>>>>> > I know that the module is loaded because I see: >>>>>>> > >>>>>>> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] >>>>>>> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route >>>>>>> > >>>>>>> > When I restart kamailio, but when I "launch" a call from Teams to >>>>>>> my Kamailio I only see that. >>>>>>> > >>>>>>> > To configure it, I follow >>>>>>> https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make >>>>>>> it works.. >>>>>>> > >>>>>>> > Any more thing that i can test or do?? >>>>>>> > >>>>>>> > Thanks >>>>>>> > >>>>>>> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (<[email protected]>) >>>>>>> escribió: >>>>>>> >> >>>>>>> >> Wow, so many people want to configure kamailio with MS. First of >>>>>>> all i think you need to get sip debug between kamailio and MS. Kamilio >>>>>>> has >>>>>>> module to save sip traces. This way you will get sip debug decrypted. >>>>>>> >> >>>>>>> >> >>>>>>> >> ________________________________ >>>>>>> >> От: sr-users <[email protected]> от имени sip >>>>>>> user <[email protected]> >>>>>>> >> Отправлено: 16 апреля 2020 г. 10:19 >>>>>>> >> Кому: [email protected] <[email protected]> >>>>>>> >> Тема: [SR-Users] Kamailio like SBC with Teams >>>>>>> >> >>>>>>> >> Hello good morning ... I am new to this list and I was starting >>>>>>> to mess with Kamailio, mainly to set it up as SBC against Teams, in this >>>>>>> case. >>>>>>> >> >>>>>>> >> But I can't get it to work for me. If I launch a call from the >>>>>>> Teams, in the Kamailio I see: >>>>>>> >> >>>>>>> >> 1.- In syslog: >>>>>>> >> >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >>>>>>> 52.114.7.24 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, >>>>>>> type 3 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >>>>>>> 171:1857:1187, 30 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, >>>>>>> 2, >>>>>>> 0x7f90f2438f80), fd_no=17 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >>>>>>> -1, 0x0) fd_no=18 called >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to >>>>>>> child, >>>>>>> events 1 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) >>>>>>> for >>>>>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, >>>>>>> fd=9 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>>>>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>>>>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real >>>>>>> write: c= >>>>>>> 0x7f90f2438f80 n=1468 fd=9 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >>>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, >>>>>>> 2, >>>>>>> 0x7f90f2438f80), fd_no=1 >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, >>>>>>> -1, >>>>>>> 0x10) fd_no=2 called >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con >>>>>>> 0x7f90f2438f80, >>>>>>> state -1, fd=9, id=30 >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>>>>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>>>>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >>>>>>> response= 7f90f2438f80, -1 from 1 >>>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >>>>>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >>>>>>> >> >>>>>>> >> 2.- With TCPDUMP: >>>>>>> >> >>>>>>> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], >>>>>>> seq 261244614, win 64240, options [mss 1440,nop,wscale >>>>>>> 8,nop,nop,sackOK], >>>>>>> length 0 >>>>>>> >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags >>>>>>> [S.], seq 812357247, ack 261244615, win 29200, options [mss >>>>>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >>>>>>> >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags >>>>>>> [.], ack 1, win 2053, length 0 >>>>>>> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags >>>>>>> [P.], seq 1:187, ack 1, win 2053, length 186 >>>>>>> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags >>>>>>> [.], ack 187, win 237, length 0 >>>>>>> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags >>>>>>> [P.], seq 1:1469, ack 187, win 237, length 1468 >>>>>>> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags >>>>>>> [.], ack 1469, win 2053, length 0 >>>>>>> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>>>>>> [S], seq 309084204, win 64240, options [mss 1440,nop,wscale >>>>>>> 8,nop,nop,sackOK], length 0 >>>>>>> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>>>>>> [S.], seq 3275066862, ack 309084205, win 29200, options [mss >>>>>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >>>>>>> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>>>>>> [.], ack 1, win 2053, length 0 >>>>>>> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>>>>>> [P.], seq 1:187, ack 1, win 2053, length 186 >>>>>>> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>>>>>> [.], ack 187, win 237, length 0 >>>>>>> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>>>>>> [P.], seq 1:1469, ack 187, win 237, length 1468 >>>>>>> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>>>>>> [.], ack 1469, win 2053, length 0 >>>>>>> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>>>>>> [F.], seq 187, ack 1469, win 2053, length 0 >>>>>>> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>>>>>> [F.], seq 1469, ack 188, win 237, length 0 >>>>>>> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>>>>>> [.], ack 1470, win 2053, length 0 >>>>>>> >> >>>>>>> >> I can't "receive" anything. >>>>>>> >> >>>>>>> >> I have generated the certificates and configured in the tls.cfg >>>>>>> of the Kamailio: >>>>>>> >> >>>>>>> >> [server:default] >>>>>>> >> method = TLSv1.2 >>>>>>> >> verify_certificate = no >>>>>>> >> require_certificate = no >>>>>>> >> private_key = /etc/letsencrypt/ssl/cert.key >>>>>>> >> certificate = /etc/letsencrypt/ssl/cert.crt >>>>>>> >> ca_list = /etc/letsencrypt/ssl/ca.crt >>>>>>> >> >>>>>>> >> Within Kamailio itself I have it configured to return a 200 >>>>>>> KeepAlive to Teams when it receives an OPTIONS: >>>>>>> >> >>>>>>> >> event_route[tm:local-request] { >>>>>>> >> >>>>>>> >> if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") >>>>>>> { >>>>>>> >> append_hf("Contact: <sip: SBC_DNS >>>>>>> :5061;transport=tls>\r\n"); >>>>>>> >> } >>>>>>> >> xlog("L_INFO", "Sent out tm request: $mb\n"); >>>>>>> >> } >>>>>>> >> >>>>>>> >> And I have measured the record_route for this new one: >>>>>>> >> >>>>>>> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP >>>>>>> :5061"); >>>>>>> >> >>>>>>> >> I have created a dispatcher.list: >>>>>>> >> >>>>>>> >> # setid(integer) destination(sip uri) flags (integer, optional), >>>>>>> priority(int,opt), attrs (str,optional) >>>>>>> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: >>>>>>> SBC_IP :5061;ping_from= sip:SBC_DNS >>>>>>> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: >>>>>>> SBC_IP :5061;ping_from=sip: SBC_DNS >>>>>>> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: >>>>>>> SBC_IP :5061;ping_from=sip: SBC_DNS >>>>>>> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 >>>>>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>>>>>> >> >>>>>>> >> I think that one of the problems is that I do not send the >>>>>>> OPTIONS to the Teams well, since it is on their panel, it indicates that >>>>>>> the SBC is INACTIVE. >>>>>>> >> >>>>>>> >> I don't know if you could help me straighten this out a bit ... >>>>>>> >> >>>>>>> >> Thank you so much for everything.. >>>>>>> >> >>>>>>> >> a greeting >>>>>>> >> _______________________________________________ >>>>>>> >> Kamailio (SER) - Users Mailing List >>>>>>> >> [email protected] >>>>>>> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> > >>>>>>> > _______________________________________________ >>>>>>> > Kamailio (SER) - Users Mailing List >>>>>>> > [email protected] >>>>>>> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> VoIP Embedded, Inc. >>>>>>> http://www.voipembedded.com >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing List >>>>>>> [email protected] >>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> [email protected] >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> [email protected] >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> [email protected] >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> [email protected] >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> [email protected] >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
