Asterisk...

Micah Quinn Mon, 27 Sep 2021 22:00:07 -0700

OK, then some more details and some questions. My network configuration is as 
follows:
10.0.0.142             10.0.0.200               10.252.1.14                    
10.252.1.1    192.168.123.5            192.168.123.10
[softphone]   <-------->  [kamailio/rtpengine]  <---------VPN--------->  [VPN 
server] <------------------> [FreePBX}


There is no NAT'ing involved/enabled. I'm running RTPEngine on the same machine 
as Kamailio.

With my current configuration I can call the PBX directly without issue. (i.e. 
access my voicemail, IVRs, conference rooms, etc.). However, I can still not 
make an extension-to-extension call. Asterisk responds to the INVITE with a 
"401 Unauthorized" message.I have two extensions registered (1093 and 10931):
 Endpoint:  1093/1093                                            Not in use    
0 of inf
     InAuth:  1093-auth/1093
        Aor:  1093                                              10
      Contact:  1093/sip:[email protected]                  a49a850887 Avail     
   85.409

 Endpoint:  10931/10931                                          Not in use    
0 of inf
     InAuth:  10931-auth/10931
        Aor:  10931                                             10
      Contact:  10931/sip:[email protected]                3690dfd96d Avail     
   85.225

Below are two packet captures from the Kamailio machine and the Asterisk 
machine. If more information is needed, I'll be happy to supply the specifics. 
Thanks to anyone that's willing to take the time to look this over. 
(Alternatively, if somebody wants to suggest a kamailio.cfg file for my 
specific use case, I'd be happy to test that on my setup as well.)

On the Kamailio machine:
---------------------------------------
2021/09/28 04:45:07.358826 192.168.123.10:7330 -> 10.252.1.14:5060
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:[email protected]>
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length:   341

v=0
o=- 585379038 585379038 IN IP4 192.168.123.10
s=Asterisk
c=IN IP4 192.168.123.10
t=0 0
m=audio 18074 RTP/AVP 0 8 3 111 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv


2021/09/28 04:45:07.365188 10.252.1.14:5060 -> 192.168.123.10:7330
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e;received=192.168.123.10
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Server: kamailio (5.3.2 (x86_64/linux))
Content-Length: 0



2021/09/28 04:45:07.366400 10.252.1.14:5060 -> 192.168.123.10:5060
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;received=192.168.123.10;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:[email protected]>
Max-Forwards: 69
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length:   349

v=0
o=- 585379038 585379038 IN IP4 10.252.1.14
s=Asterisk
c=IN IP4 10.252.1.14
t=0 0
m=audio 14618 RTP/AVP 0 8 3 111 9 101
a=maxptime:150
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
a=rtcp:14619
a=ptime:20


2021/09/28 04:45:07.409622 192.168.123.10:5060 -> 10.252.1.14:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 
10.252.1.14;rport=19725;received=192.168.123.5;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest 
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length:  0



2021/09/28 04:45:07.412926 10.252.1.14:5060 -> 192.168.123.10:5060
ACK sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 69
Content-Length: 0



2021/09/28 04:45:07.413090 10.252.1.14:5060 -> 192.168.123.10:7330
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest 
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length:  0



2021/09/28 04:45:07.455640 192.168.123.10:7330 -> 10.252.1.14:5060
ACK sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Length:  0


On the FreePBX machine:
---------------------------------------
2021/09/28 04:45:07.342242 192.168.123.10:5060 -> 10.252.1.14:5060
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:[email protected]>
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length:   341

v=0
o=- 585379038 585379038 IN IP4 192.168.123.10
s=Asterisk
c=IN IP4 192.168.123.10
t=0 0
m=audio 18074 RTP/AVP 0 8 3 111 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv


2021/09/28 04:45:07.390644 10.252.1.14:5060 -> 192.168.123.10:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e;received=192.168.123.10
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Server: kamailio (5.3.2 (x86_64/linux))
Content-Length: 0



2021/09/28 04:45:07.392235 192.168.123.5:19725 -> 192.168.123.10:5060
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;received=192.168.123.10;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:[email protected]>
Max-Forwards: 69
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length:   349

v=0
o=- 585379038 585379038 IN IP4 10.252.1.14
s=Asterisk
c=IN IP4 10.252.1.14
t=0 0
m=audio 14618 RTP/AVP 0 8 3 111 9 101
a=maxptime:150
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
a=rtcp:14619
a=ptime:20


2021/09/28 04:45:07.393454 192.168.123.10:5060 -> 192.168.123.5:19725
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 
10.252.1.14;rport=19725;received=192.168.123.5;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest 
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length:  0



2021/09/28 04:45:07.438326 192.168.123.5:19725 -> 192.168.123.10:5060
ACK sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 69
Content-Length: 0



2021/09/28 04:45:07.438558 10.252.1.14:5060 -> 192.168.123.10:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest 
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length:  0



2021/09/28 04:45:07.439339 192.168.123.10:5060 -> 10.252.1.14:5060
ACK sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" 
<sip:[email protected]>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:[email protected]>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Length:  0




________________________________
From: Henning Westerholt <[email protected]>
Sent: Saturday, September 11, 2021 3:16 PM
To: Kamailio (SER) - Users Mailing List <[email protected]>
Cc: Micah Quinn <[email protected]>
Subject: RE: Kamailio/RTPengine as a proxy for FreePBX/Asterisk...


Hello Micah,



using Kamailio as front-end/balancer for one or more asterisk instance(s) is a 
classic use case for Kamailio.



Have a look to the Asterisk log why you get some authentication request, 
probably you need to “tell” Asterisk to trust the Kamailio (IPs).



Cheers,



Henning



--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com<https://gilawa.com/>



From: sr-users <[email protected]> On Behalf Of Micah Quinn
Sent: Friday, September 10, 2021 1:05 AM
To: [email protected]
Subject: [SR-Users] Kamailio/RTPengine as a proxy for FreePBX/Asterisk...



Hello all,



I'm new to Kamailio, so bear with me as I stumble through this. First, I'll 
describe what I'm trying to achieve at a high level and then perhaps somebody 
can advise me on whether Kamailio is a good fit for this solution or not. I'd 
like to be able to deploy a small appliance type server to our customer's sites 
that just runs Kamailio and a VPN connection back to our datacenter. At our 
datacenter, we run virtualized instances of Asterisk for each of our customers. 
The idea is that Kamailio would act as a transparent proxy through to the 
Asterisk instance under nominal conditions and as a basic SIP router in the 
case that the Asterisk instance is unavailable. This degraded functionality 
would then at least allow extension to extension calling even if the Internet 
or Asterisk instance is down.



I'm currently using dispatcher with a single entry in preparation for a time 
when we might want to failover to another Asterisk instance. I'm forwarding all 
REGISTER and INVITE messages to the server chosen from ds_select_dst. Initially 
this all seems to work as I can register with a softphone and pjsip show 
endpoints shows my softphone connected. However, when I attempt to call any 
extension (my own or another) Asterisk responds to the INVITE message with a 
"401 Unauthorized" message and the typical "The person at extension XXXX is 
unavailable...".



I know that more details might be necessary to troubleshoot this, but I didn't 
want to include everything in one post and risk cluttering it up with 
unnecessary information. If anyone can confirm that this is a reasonable way to 
approach the problem, I can then provide whatever relevant data is necessary to 
get deeper into it. (I've used sngrep, logging, asterisk cli, etc.)



Thanks in advance for any help.

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio/RTPengine as a proxy for FreePBX/Asterisk...

Reply via email to