Hi Daniel, thank you for your help.
I have found out that reason for this behaviour was that kamailio relay UDP connection to TCP connection and tm module adds two record-routes. This is correct behaviour, but I am not sure if it is correct that first record-route advertised port 5060 if kamailio opens random port for the connection. Shouldn't there be a port that was used for outgoing connection? Record-Route: <sip:xx.xx.xx.xx:5060;transport=tcp;r2=on;lr=on;ftag=as1f9ba470> Record-Route: <sipxx.xx.xx.xx;r2=on;lr=on;ftag=as1f9ba470> Bye, Michal > On 11 May 2020, at 13:39, Daniel-Constantin Mierla <[email protected]> wrote: > > Hello, > > the nature of tcp protocol makes local ports on connect (as well > accepted connection ports) ephemeral. Kamailio has for that reason > "connection aliases", so the matching is also done based on advertised > attributes, not only on connection source ip/port. The interconnect > provider should do it also for tcp/tls. I am not sure now, but I think > there is also in the RFC specs something about. > > Then, the alternative, with the latest kernels and kamailio, you can try > to reuse the tcp port: > > * https://www.kamailio.org/wiki/cookbooks/5.3.x/core#tcp_reuse_port > > On the other hand, the firewall may associate a different extern port > for connections originated from the same source ip/port, you will have > to test and see what happens. > > Cheers, > Daniel > > On 11.05.20 12:23, Michal Popovic wrote: >> Hello, >> >> so it looks like kamailio used random port for opening connections to our >> partners but did not updates record-route port properly. AWS has symmetric >> NAT and that works fine. >> >> Is there any way how to identify port and rewrite record-route? >> >> Thanks. >> >> Bye, >> Michal >> >>> On 7 May 2020, at 17:25, Michal Popovic <[email protected]> wrote: >>> >>> Hello, >>> >>> our kamailio used for sip trunk interconnections is behind NAT and our >>> cloud provider opens random outgoing ports for outbound connections. >>> Our record-route is set to our external address and port 5060, that is >>> probably incorrect, but we did not had any issues. >>> One of our partners suddenly begin sending BYEs to the port advertised in >>> record-route instead of port from where he received call. >>> >>> What is a correct approach here if we are not able to determine open port >>> behind NAT? >>> >>> Bye, >>> Michal >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> [email protected] >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> [email protected] >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla -- www.asipto.com > www.twitter.com/miconda -- www.linkedin.com/in/miconda > Funding: https://www.paypal.me/dcmierla >
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
