Hello, why do you want to build it like this in the first place? Usually, Kamailio is used as the first network element that processes the traffic from the devices. That means, its not used behind haproxy.
If you want to use haproxy for some reasons, there is a core parameter to enable support for the haproxy protocol. But it will not help you for this error. This is probably caused from the Record-Route/Via contains the tls protocol. The haproxy of course does not speak SIP, so the message contains not the headers Kamailio expect. Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com<https://gilawa.com/> From: sr-users <sr-users-boun...@lists.kamailio.org> On Behalf Of Giovanni Iamonte Sent: Tuesday, December 6, 2022 2:32 PM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> Subject: [SR-Users] outbound Edge Proxy Dear List In the last week I try to figure out how I can put in place a configuration that use an edge proxy and a register by using kamailio 5.6, but i am facing some issues. Scenario: We are using on ubuntu 20.04, HAproxy and Kamailio 5.6. We have configured a Kamailio register that, in the following case, perfectly works. ______ __ __________ TLS | | TLS | | Client ------------------ > | NAT |-----------> | Kamalio | in |_HAProxy | out in | Register | |_________| | | |________ _| Now we want to put a kamailio edge proxy before the kamailio Register, please take a look to the below picture ______ ______ __ _________ ___________ TLS | | TLS | | TCP | | Client ------------------ > | NAT |-----------> | Kamalio | -------------> | Kamailio | in |_HAProxy | out in | Edge | out in | Register | |_________| | Proxy | | | |_________| |___________| HAproxy -> sip-test.example.com Kamailio edge proxy -> 192.168.58.1 Kamailio Register -> 192.168.58.15 The kamailio Edge has been configured as indicated in the outbound module example. When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio Register" the Record-Route and Via headers are correct and it works. When the transaction such as MESSAGE or INVITE reach the "Kamailio Register" it does not work and below you can see the message and the error. Note that the Record-Route and Via headers are the same as the previous message REGISTER and SUBSCRIBE. Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40742 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>: SIPMessage-in-request = 192.168.58.1:53606-sip:s-user...@sip-dev.example.com-MESSAGE<mailto:192.168.58.1:53606-sip:s-user...@sip-dev.example.com-MESSAGE> sip:s-user...@sip-dev.example.com<mailto:sip:s-user...@sip-dev.example.com> SIP/2.0 Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr> Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr> Via: SIP/2.0/TCP 192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6 Via: SIP/2.0/TLS 192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias Max-Forwards: 69 From: <sip:s-user...@sip-dev.example.com><mailto:sip:s-user...@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3 To: <sip:s-user...@sip-dev.example.com><mailto:sip:s-user...@sip-dev.example.com> Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET CSeq: 40742 MESSAGE Accept: text/plain, application/im-iscomposing+xml Content-Type: text/plain Content-Length: 59 ################## MESSAGE ################### Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>: SIPMessage-in-request = 192.168.58.1:53606-sip:s-user...@sip-dev.example.com-MESSAGE<mailto:192.168.58.1:53606-sip:s-user...@sip-dev.example.com-MESSAGE> sip:s-user...@sip-dev.example.com<mailto:sip:s-user...@sip-dev.example.com> SIP/2.0 Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr> Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr> Via: SIP/2.0/TCP 192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6 Via: SIP/2.0/TLS 192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias Max-Forwards: 69 From: <sip:s-user...@sip-dev.example.com><mailto:sip:s-user...@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3 To: <sip:s-user...@sip-dev.example.com><mailto:sip:s-user...@sip-dev.example.com> Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET CSeq: 40743 MESSAGE Accept: text/plain, application/im-iscomposing+xml Proxy-Authorization: Digest username="s-user.03", realm="sip-dev.example.com", nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC", uri="sip:s-user...@sip-dev.example.com"<mailto:sip:s-user...@sip-dev.example.com>, response="3b7c34476443e5f1125fa460a4981180", cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth, nc=00000001 Content-Type: text/plain Content-Length: 59 Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:192.168.58.15:15006, to tls:192.168.58.1:60982) Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "192.168.58.1" af 2 (tls:192.168.58.1:60982) Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]: t_forward_nonack(): failure to add branches Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: I'm terribly sorry, server error occurred (7/SL) based on what we have understood in the message headers "Via" and Record-Route" there are the right information to reach back the proxy Edge, but looking to the error message it seems that the kamailio register try to reach back the proxy edge through the TLS instead of using the TCP. Could someone put me in the right direction. Thanks Regards -- ________________________________ Ing. Giovanni Iamonte Developments and technologies area Quintetto Srl Via Monte Navale, 1 10015 - Ivrea (TO) • mobile: +39 393 9196310 • tel: +39 0165 1845290 • e-mail: giovanni.iamo...@quintetto.it<mailto:giovanni.iamo...@quintetto.it> • web: www.quintetto.it<http://www.quintetto.it>
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
