Hmm, I don't think you are right that the Contact header can be a private IP
even if the RR is correct.
I did some research on it and I found several places saying it must be a
routable IP which is what the carrier also said.
"The Contact header contains the SIP URI where the client wants to be contacted for subsequent requests. That means that
the host part of the URI must be globally reachable by anyone.
If your contact contains a private IP (behind a NAT?) then it is wrong, because
other peers cannot reach you with that."
--
^C
On 1/15/22 9:05 AM, Ovidiu Sas wrote:
You have a different problem then.
Having private IPs in Contact is fine. You need to lose route the
calls (kamailio will add two Record-Route headers) and the origination
server will set the RURI to the private IP from Contact, but it will
send the in-dialog requests to the public IP of kamailio. This has
nothing to do with virtual IPs.
Maybe you have a buggy client that doesn't do proper loose routing.
-ovidiu
On Sat, Jan 15, 2022 at 11:50 AM Chad <[email protected]> wrote:
Ovidiu,
Thank you again for your response.
One is public (an internet IP) and one is private (a 10.x ip).
Apparently this is a known problem with virtual IPs, it does not work.
When the asterisk server responds to the invite it sends a contact header with
the private IP and Kamailio does not
rewrite it to the advertised public IP. So the originating server sees the
private IP in the Contact header and tries to
send the traffic to the 10.x IP (which is non-routable) and the call dies.
I have been trying things for a long time to fix this (years) what you are
saying will not fix it because of the virtual
IPs.
If it was a normal IP it would work fine. It has something to do with the
routing table and how mhomed detects networks.
--
^C
On 1/15/22 8:36 AM, Ovidiu Sas wrote:
Hello Chad,
The floating IPs that you have, are they both private IPs or one
private IP and the other one a public IP?
If you have to two floating private IPs, then you need a config like this:
listen=FLOATING_UDP_PRIVATE1 advertise PUBLIC_UDP_IP
listen=FLOATING_UDP_PRIVATE2
In the config, before relaying the initial INVITE you need to detect
the direction of the call and set $fs accordingly:
if (CAL_FROM_PRIVATE_TO_PUBLIC) {
$fs = udp:FLOATING_UDP_PRIVATE1
}
else {
$fs = udp:FLOATING_UDP_PRIVATE2
}
If you have a floating private IPs and a floating public IP, then you
need a config like this:
listen=FLOATING_UDP_PRIVATE
listen=FLOATING_UDP_PUBLIC
There should be no need to force the socket, but if you do, there's no
harm (actually it's better and faster).
Hope this clarifies things and helps,
-ovidiu
On Sat, Jan 15, 2022 at 9:48 AM Chad <[email protected]> wrote:
Ovidiu,
Thank you for your response.
I have done that, in addition to the linux ip_nonlocal_bind I have also set the
Kamailio ip_free_bind=1 and it does not
work.
Here are my relevant config lines:
listen=LISTEN_UDP_PRIVATE advertise MY_PUBLIC_IP:5060
listen=LISTEN_UDP_PUBLIC
mhomed=1
ip_free_bind=1
In my /etc/sysctl.conf I have (yes I applied it with sysctl -p, and I have been
using it for a long time and have
rebooted as well):
net.ipv4.ip_nonlocal_bind=1
--
^C
On 1/15/22 4:55 AM, Ovidiu Sas wrote:
Hello Chad,
You can add a listen directive to your config for the virtual IPs
(both public and private) and then you don't need to manually modify
any headers or use force_send_socket().
You need to enable non local IP binding so kamailio can start on the
server that doesn't have the virtual IP:
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
To make the change permanent, edit your sysctl.conf file and enable it there:
net/ipv4/ip_nonlocal_bind = 1
Regards
Ovidiu Sas
On Sat, Jan 15, 2022 at 4:16 AM Chad <[email protected]> wrote:
We are looking for some help (possibly a paid consultant) to help us with our
Kamailio setup.
To keep this as short as possible: we use Kamailio as a NAT proxy to bridge our
external IP and our private IP asterisk
servers (via dispatcher).
However both the external IP and the internal IP that the Kamailio server uses
are virtual IPs created by keepalived.
Because of that neither mhomed nor fix_nated_contact work, and we use
force_send_socket to direct the traffic.
We run linux Debian 10 for the OS.
Also we do not use a DB at all, everything is done with local config files.
The problem is that when traffic goes out the Contact header has a private IP
in it, like:
Contact: <sip:##########@10.10.10.###]:5060>
There are 2 possible solutions to this:
1. Make changes to linux, keepalived and/or Kamailio so that Kamailio recognize
the virtual IPs so that mhomed and
fix_nated_contact work as usual.
2. Create a manual header rewrite system.
If solution #2:
What we need to do is create a way to rewrite the contact header to the
external IP on the way out, and on the way back
rewrite it back to the internal server that the call is already connected to.
Not sure if we will need to store those paths on the server or if we can do
some kind of cheat with another persistant
header like P-Preferred-Identity or P-Asserted-Identity (i.e. store the
internal IP in the name field or something).
If anyone out there know of a way to do this or wants to give it a try please
reach out to me.
Thank you all for your time.
--
^C
Chad
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
VoIP Embedded, Inc.
http://www.voipembedded.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
