Hi David! Thanks for your reply. I am advertising the LB DNS, this is my listen parameters where <DOMAIN> is the FQDN (sbc.coolcompany.com) to the LB while <LOCAL_IP> is the Kamailio internal ip-addr. The provider talk to me on :5060.
listen=udp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060 listen=tcp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060 listen=tls:<LOCAL_IP>:5061 advertise <DOMAIN>:5061 # INFO: Media gateway (Asterisk) listening listen=udp:<LOCAL_IP>:5080 listen=tcp:<LOCAL_IP>:5080 listen=tls:<LOCAL_IP>:5081 I am seeing double RRs om the INVITE sent to Asterisk, one from our provider, and one with the FQDN. This is the whole issue I am having that I do not wish to have these RRs there at all sent to Asterisk since it messes with the signalling on the Asterisk side, this can be shown in the SIP INVITE I sent in my previous message, again below. I just need to understand what I am doing, and how setting enable_double_rr = 1 would help me in this case. INVITE sip:010xxxx...@sbc.coolcompany.com<mailto:sip%3a010xxxx...@sbc.coolcompany.com> SIP/2.0 Record-Route: <sip:sbc.coolcompany.com<http://sbc.coolcompany.com>;lr;ftag=5914da19-6958-4b8f-b521-d74c78af6120> Record-Route: <sip:sip-provider.com<http://sip-provider.com>;lr=on> Call-ID: GEWPF3PEVFCQNL7FLWOMPWVH5A@x.x.x.x<mailto:GEWPF3PEVFCQNL7FLWOMPWVH5A@x.x.x.x> CSeq: 25896 INVITE From: <sip:076xxxx...@sip-provider.com<mailto:sip%3a076xxxx...@sip-provider.com>>;tag=5914da19-6958-4b8f-b521-d74c78af6120 To: <sip:010xxxx...@sbc.coolcompany.com<mailto:sip%3a010xxxx...@sbc.coolcompany.com>> Contact: <sip:010xxxxxx@10.3.124.192:5080> Via: SIP/2.0/UDP sbc.coolcompany.com:5060;branch=z9hG4bKb32c.739784aeb0177ad4d3e181098a071abb.0;rport Via: SIP/2.0/UDP sip-provider.com<http://sip-provider.com>;branch=z9hG4bKb32c.79821495565acb8af61a7ebecb22b26d.0 Via: SIP/2.0/UDP sip-provider.com:5060;branch=z9hG4bK-323035-3a9c396118a108606e6234ff3013ed5b Max-Forwards: 67 Content-Type: application/sdp User-Agent: XXXX Content-Length: 293 /M From: David Villasmil <david.villasmil.w...@gmail.com> Date: Thursday, 4 September 2025 at 14:48 To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> Cc: Martin Nyström <martin.nyst...@connectel.se>, Federico Cabiddu <federico.cabi...@gmail.com> Subject: Re: [SR-Users] Re: Kamailio behind NAT CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. You should use the load balancer’s in the advertise. Ie: if your FQDN say sip.domain.com<http://sip.domain.com> is not pointing at the load balancer’s, it’s not going to work. You advertise the load balancer. Enable rr as Federico suggested, and that should be it. Just in case Regards, David Villasmil email: david.villasmil.w...@gmail.com<mailto:david.villasmil.w...@gmail.com> On Thu, Sep 4, 2025 at 12:56 PM Federico Cabiddu via sr-users <sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>> wrote: Hi, since, as suggested, your are using two interfaces for the traffic, you should also configure the "enable_record_route" param (https://kamailio.org/docs/modules/6.0.x/modules/rr.html#rr.p.enable_double_rr) if you want your asterisk to see, as a first hop, kamailio internal interface. Best regards, Federico On Thu, Sep 4, 2025 at 9:33 AM Martin Nyström via sr-users <sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>> wrote: I did the suggested changes, I think. But the INVITE sent from Kamailio to Asterisk still holds the external advertised DNS in the RR. Here’s the INVITE sent to Asterisk from Kamailio: eth1 Out IP 10.3.124.192.5060 > 10.2.5.206.5080: SIP: INVITE sip:010xxxx...@sbc.coolcompany.com<mailto:sip%3a010xxxx...@sbc.coolcompany.com> SIP/2.0 INVITE sip:010xxxx...@sbc.coolcompany.com<mailto:sip%3a010xxxx...@sbc.coolcompany.com> SIP/2.0 Record-Route: <sip:sbc.coolcompany.com<http://sbc.coolcompany.com>;lr;ftag=5914da19-6958-4b8f-b521-d74c78af6120> Record-Route: <sip:sip-provider.com<http://sip-provider.com>;lr=on> Call-ID: GEWPF3PEVFCQNL7FLWOMPWVH5A@x.x.x.x CSeq: 25896 INVITE From: <sip:076xxxx...@sip-provider.com<mailto:sip%3a076xxxx...@sip-provider.com>>;tag=5914da19-6958-4b8f-b521-d74c78af6120 To: <sip:010xxxx...@sbc.coolcompany.com<mailto:sip%3a010xxxx...@sbc.coolcompany.com>> Via: SIP/2.0/UDP sbc.coolcompany.com:5060;branch=z9hG4bKb32c.739784aeb0177ad4d3e181098a071abb.0;rport Via: SIP/2.0/UDP sip-provider.com<http://sip-provider.com>;branch=z9hG4bKb32c.79821495565acb8af61a7ebecb22b26d.0 Via: SIP/2.0/UDP sip-provider.com:5060;branch=z9hG4bK-323035-3a9c396118a108606e6234ff3013ed5b Max-Forwards: 67 Content-Type: application/sdp User-Agent: XXXX Content-Length: 293 Asterisk attempts to reply to the BYE on the external IP: <--- Transmitting SIP request (616 bytes) to UDP:sbc.coolcompany.com:5060<http://sbc.coolcompany.com:5060> ---> BYE sip:010xxxx@10.3.124.192:5080<http://sip:010xxxx@10.3.124.192:5080> SIP/2.0 Via: SIP/2.0/UDP 10.2.5.206:5080;rport;branch=z9hG4bKPj917dd0c5-192b-457d-ae1a-ef693895e0c7 From: <sip:010xx...@sbc.coolcompany.com<mailto:sip%3a010xx...@sbc.coolcompany.com>>;tag=1f88f783-83a4-419f-a7c3-3c37a40dada6 To: <sip:076xxx...@sip-provider.com<mailto:sip%3a076xxx...@sip-provider.com>>;tag=3c6c6d47-8beb-4c71-a829-15138869defd Call-ID: 2XKUHXTUNNC7HPW7BFTI3TMT2E@x.x.x.x CSeq: 25915 BYE Route: <sip:sbc.coolcompany.com<http://sbc.coolcompany.com>;lr;ftag=3c6c6d47-8beb-4c71-a829-15138869defd> Route: <sip:x.x.x.x;lr> Reason: Q.850;cause=16 Max-Forwards: 70 User-Agent: xxxx Content-Length: 0 Here’s again my dumbed down CFG with changes: debug=2 log_stderror=yes fork=yes tcp_accept_no_cl=yes onsend_route_reply=yes pv_buffer_size=2048 enable_tls=1 listen=udp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060 listen=tcp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060 listen=tls:<LOCAL_IP>:5061 advertise <DOMAIN>:5061 # INFO: Asterisk gateway listening listen=udp:<LOCAL_IP>:5080 listen=tcp:<LOCAL_IP>:5080 listen=tls:<LOCAL_IP>:5081 local_rport=on mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib/x86_64-linux-gnu/kamailio/modules/" loadmodule "rr.so" modparam("rr", "force_send_socket", 1) route { route(FROM_PROVIDER); exit; } route[RELAY] { if(!t_relay()) { sl_reply_error(); } exit; } route[FROM_PROVIDER] { # INFO: The Asterisk ds_select_dst(100, 4); if(!has_totag()) { record_route(); } route(RELAY); exit; } /M From: Martin Nyström <martin.nyst...@connectel.se<mailto:martin.nyst...@connectel.se>> Date: Wednesday, 3 September 2025 at 10:59 To: mico...@gmail.com<mailto:mico...@gmail.com> <mico...@gmail.com<mailto:mico...@gmail.com>>, Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>> Subject: Re: [SR-Users] Kamailio behind NAT Using a different port for Asterisk is not a bad idea. I might just try that. I will return with the results or any follow up questions. /M From: Daniel-Constantin Mierla <mico...@gmail.com<mailto:mico...@gmail.com>> Date: Wednesday, 3 September 2025 at 10:54 To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>> Cc: Martin Nyström <martin.nyst...@connectel.se<mailto:martin.nyst...@connectel.se>> Subject: Re: [SR-Users] Kamailio behind NAT CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello, the simplest way is to listen on another port (e.g., 5080) and use that socket to communicate with Asterisk. For that listen parameter, do not set the advertise address. You can use $fs or force_send_socket() to specify the socket to be used for sending out to Asterisk. The alternative is to play in the config file with the function of the rr module that allow you to set the address in the Record-/Route headers, but it may increase the complexity of the config. Cheers, Daniel On 03.09.25 10:42, Martin Nyström via sr-users wrote: Hello, I am not successful in my attempts to configure my Kamailio to work behind NAT. The flow of an incoming call is Provider (Internet) -> AWS LoadBalancer -> Kamailio -> Asterisk Both the Kamailio and Asterisk is on the internal network. The issue I am having is that I need to add Record-Route to the traffic sent back towards the provider, but not to the Asterisk. Currently when I add the record_route() the header is sent to Asterisk which makes it reply to the Kamailio advertised external address for ACKs, BYEs etc. I have dumbed down my Kamailio config as much as possible for this, to show what I am currently doing. debug=2 log_stderror=yes fork=yes tcp_accept_no_cl=yes onsend_route_reply=yes pv_buffer_size=2048 enable_tls=1 listen=udp:<LOCAL_IP>:5060 advertise <EXTERNAL_DOMAIN>:5060 listen=tcp:<LOCAL_IP>:5060 advertise <EXTERNAL_DOMAIN>:5060 listen=tls:<LOCAL_IP>:5061 advertise <EXTERNAL_DOMAIN>:5061 local_rport=on mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib/x86_64-linux-gnu/kamailio/modules/" # MODULES loadmodule "..." route { route(FROM_PROVIDER); } route[RELAY] { if(!t_relay()) { sl_reply_error(); } exit; } route[FROM_PROVIDER] { # The Asterisk that should not receive the external dns in the record route header ds_select_dst(100, 4); # INFO: This adds the Record-Route in all directions if(!has_totag()) { record_route(); } route(RELAY); exit; } /M __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org> To unsubscribe send an email to sr-users-le...@lists.kamailio.org<mailto:sr-users-le...@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! -- Daniel-Constantin Mierla (@ asipto.com<http://asipto.com>) twitter.com/miconda<http://twitter.com/miconda> -- linkedin.com/in/miconda<http://linkedin.com/in/miconda> Kamailio Consultancy, Training and Development Services -- asipto.com<http://asipto.com> __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org> To unsubscribe send an email to sr-users-le...@lists.kamailio.org<mailto:sr-users-le...@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org> To unsubscribe send an email to sr-users-le...@lists.kamailio.org<mailto:sr-users-le...@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender!
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
