You should use the load balancer’s in the advertise. Ie: if your FQDN say sip.domain.com is not pointing at the load balancer’s, it’s not going to work. You advertise the load balancer.
Enable rr as Federico suggested, and that should be it. Just in case Regards, David Villasmil email: david.villasmil.w...@gmail.com On Thu, Sep 4, 2025 at 12:56 PM Federico Cabiddu via sr-users < sr-users@lists.kamailio.org> wrote: > Hi, > since, as suggested, your are using two interfaces for the traffic, you > should also configure the "enable_record_route" param ( > https://kamailio.org/docs/modules/6.0.x/modules/rr.html#rr.p.enable_double_rr) > if you want your asterisk to see, as a first hop, kamailio internal > interface. > > Best regards, > > Federico > > On Thu, Sep 4, 2025 at 9:33 AM Martin Nyström via sr-users < > sr-users@lists.kamailio.org> wrote: > >> I did the suggested changes, I think. But the INVITE sent from Kamailio >> to Asterisk still holds the external advertised DNS in the RR. >> >> >> >> Here’s the INVITE sent to Asterisk from Kamailio: >> >> >> >> eth1 Out IP 10.3.124.192.5060 > 10.2.5.206.5080: SIP: INVITE >> sip:010xxxx...@sbc.coolcompany.com SIP/2.0 >> >> INVITE sip:010xxxx...@sbc.coolcompany.com SIP/2.0 >> >> Record-Route: <sip:sbc.coolcompany.com >> ;lr;ftag=5914da19-6958-4b8f-b521-d74c78af6120> >> >> Record-Route: <sip:sip-provider.com;lr=on> >> >> Call-ID: GEWPF3PEVFCQNL7FLWOMPWVH5A@x.x.x.x >> >> CSeq: 25896 INVITE >> >> From: <sip:076xxxx...@sip-provider.com >> >;tag=5914da19-6958-4b8f-b521-d74c78af6120 >> >> To: <sip:010xxxx...@sbc.coolcompany.com> >> >> Contact: <sip:0101388290@10.3.124.192:5080> >> >> Via: SIP/2.0/UDP sbc.coolcompany.com:5060 >> ;branch=z9hG4bKb32c.739784aeb0177ad4d3e181098a071abb.0;rport >> >> Via: SIP/2.0/UDP sip-provider.com >> ;branch=z9hG4bKb32c.79821495565acb8af61a7ebecb22b26d.0 >> >> Via: SIP/2.0/UDP sip-provider.com:5060 >> ;branch=z9hG4bK-323035-3a9c396118a108606e6234ff3013ed5b >> >> Max-Forwards: 67 >> >> Content-Type: application/sdp >> >> User-Agent: XXXX >> >> Content-Length: 293 >> >> >> >> >> >> Asterisk attempts to reply to the BYE on the external IP: >> >> >> >> <--- Transmitting SIP request (616 bytes) to UDP:sbc.coolcompany.com:5060 >> ---> >> >> BYE sip:010xxxx@10.3.124.192:5080 SIP/2.0 >> >> Via: SIP/2.0/UDP 10.2.5.206:5080 >> ;rport;branch=z9hG4bKPj917dd0c5-192b-457d-ae1a-ef693895e0c7 >> >> From: <sip:010xx...@sbc.coolcompany.com >> >;tag=1f88f783-83a4-419f-a7c3-3c37a40dada6 >> >> To: <sip:076xxx...@sip-provider.com >> >;tag=3c6c6d47-8beb-4c71-a829-15138869defd >> >> Call-ID: 2XKUHXTUNNC7HPW7BFTI3TMT2E@x.x.x.x >> >> CSeq: 25915 BYE >> >> Route: <sip:sbc.coolcompany.com >> ;lr;ftag=3c6c6d47-8beb-4c71-a829-15138869defd> >> >> Route: <sip:x.x.x.x;lr> >> >> Reason: Q.850;cause=16 >> >> Max-Forwards: 70 >> >> User-Agent: xxxx >> >> Content-Length: 0 >> >> >> >> >> >> >> >> Here’s again my dumbed down CFG with changes: >> >> >> >> debug=2 >> >> log_stderror=yes >> >> fork=yes >> >> tcp_accept_no_cl=yes >> >> onsend_route_reply=yes >> >> pv_buffer_size=2048 >> >> enable_tls=1 >> >> >> >> >> >> listen=udp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060 >> >> listen=tcp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060 >> >> listen=tls:<LOCAL_IP>:5061 advertise <DOMAIN>:5061 >> >> >> >> # INFO: Asterisk gateway listening >> >> listen=udp:<LOCAL_IP>:5080 >> >> listen=tcp:<LOCAL_IP>:5080 >> >> listen=tls:<LOCAL_IP>:5081 >> >> >> >> local_rport=on >> >> >> >> >> mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib/x86_64-linux-gnu/kamailio/modules/" >> >> >> >> loadmodule "rr.so" >> >> >> >> modparam("rr", "force_send_socket", 1) >> >> >> >> route { >> >> >> >> route(FROM_PROVIDER); >> >> exit; >> >> >> >> } >> >> >> >> route[RELAY] { >> >> >> >> if(!t_relay()) { >> >> >> >> sl_reply_error(); >> >> >> >> } >> >> >> >> exit; >> >> >> >> } >> >> >> >> route[FROM_PROVIDER] { >> >> >> >> # INFO: The Asterisk >> >> ds_select_dst(100, 4); >> >> >> >> if(!has_totag()) { >> >> record_route(); >> >> } >> >> >> >> route(RELAY); >> >> exit; >> >> >> >> } >> >> >> >> >> >> /M >> >> >> >> *From: *Martin Nyström <martin.nyst...@connectel.se> >> *Date: *Wednesday, 3 September 2025 at 10:59 >> *To: *mico...@gmail.com <mico...@gmail.com>, Kamailio (SER) - Users >> Mailing List <sr-users@lists.kamailio.org> >> *Subject: *Re: [SR-Users] Kamailio behind NAT >> >> Using a different port for Asterisk is not a bad idea. I might just try >> that. I will return with the results or any follow up questions. >> >> >> >> >> >> >> >> /M >> >> >> >> *From: *Daniel-Constantin Mierla <mico...@gmail.com> >> *Date: *Wednesday, 3 September 2025 at 10:54 >> *To: *Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> >> *Cc: *Martin Nyström <martin.nyst...@connectel.se> >> *Subject: *Re: [SR-Users] Kamailio behind NAT >> >> *CAUTION:* This email originated from outside the organization. Do not >> click links or open attachments unless you recognize the sender and know >> the content is safe. >> >> >> >> Hello, >> >> >> >> the simplest way is to listen on another port (e.g., 5080) and use that >> socket to communicate with Asterisk. For that listen parameter, do not set >> the advertise address. You can use $fs or force_send_socket() to specify >> the socket to be used for sending out to Asterisk. >> >> >> >> The alternative is to play in the config file with the function of the rr >> module that allow you to set the address in the Record-/Route headers, but >> it may increase the complexity of the config. >> >> >> >> Cheers, >> Daniel >> >> >> >> On 03.09.25 10:42, Martin Nyström via sr-users wrote: >> >> Hello, >> >> >> >> I am not successful in my attempts to configure my Kamailio to work >> behind NAT. >> >> >> >> The flow of an incoming call is Provider (Internet) -> AWS LoadBalancer >> -> Kamailio -> Asterisk >> >> >> >> Both the Kamailio and Asterisk is on the internal network. The issue I am >> having is that I need to add Record-Route to the traffic sent back towards >> the provider, but not to the Asterisk. Currently when I add the >> record_route() the header is sent to Asterisk which makes it reply to the >> Kamailio advertised external address for ACKs, BYEs etc. >> >> >> >> I have dumbed down my Kamailio config as much as possible for this, to >> show what I am currently doing. >> >> >> >> >> >> debug=2 >> >> log_stderror=yes >> >> fork=yes >> >> tcp_accept_no_cl=yes >> >> onsend_route_reply=yes >> >> pv_buffer_size=2048 >> >> enable_tls=1 >> >> >> >> listen=udp:<LOCAL_IP>:5060 advertise <EXTERNAL_DOMAIN>:5060 >> >> listen=tcp:<LOCAL_IP>:5060 advertise <EXTERNAL_DOMAIN>:5060 >> >> listen=tls:<LOCAL_IP>:5061 advertise <EXTERNAL_DOMAIN>:5061 >> >> >> >> local_rport=on >> >> >> >> >> mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib/x86_64-linux-gnu/kamailio/modules/" >> >> >> >> # MODULES >> >> loadmodule "..." >> >> >> >> route { >> >> >> >> route(FROM_PROVIDER); >> >> >> >> } >> >> >> >> >> >> route[RELAY] { >> >> >> >> if(!t_relay()) { >> >> >> >> sl_reply_error(); >> >> >> >> } >> >> >> >> exit; >> >> >> >> } >> >> >> >> route[FROM_PROVIDER] { >> >> >> # The Asterisk that should not receive the external dns in >> the record route header >> >> ds_select_dst(100, 4); >> >> >> >> # INFO: This adds the Record-Route in all directions >> >> if(!has_totag()) { >> >> record_route(); >> >> } >> >> >> >> route(RELAY); >> >> exit; >> >> >> >> } >> >> >> >> >> >> >> >> >> >> >> >> /M >> >> >> >> __________________________________________________________ >> >> Kamailio - Users Mailing List - Non Commercial Discussions -- >> sr-users@lists.kamailio.org >> >> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >> >> Important: keep the mailing list in the recipients, do not reply only to the >> sender! >> >> >> >> -- >> >> Daniel-Constantin Mierla (@ asipto.com) >> >> twitter.com/miconda -- linkedin.com/in/miconda >> >> Kamailio Consultancy, Training and Development Services -- asipto.com >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions -- >> sr-users@lists.kamailio.org >> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions -- > sr-users@lists.kamailio.org > To unsubscribe send an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
