Yes, I originally assumed that I could not use two TLS sockets on one interface. My last sentence in the last post showed that I understood it now. As you said, I now have port forwarding to another port and two separate sockets for public and private phones.
socket = udp:10.0.2.3 socket = tls:10.0.2.3:5061 socket = tls:10.0.2.3:5062 as PUBLIC-IP:PUBLIC-PORT It seems to work now. I now have to check the other cases. Many thanks for the help and patience. Have a nice weekend! Best regards, Karsten Am Freitag, dem 01.04.2022 um 17:55 +0300 schrieb Bogdan-Andrei Iancu: > Just to be sure, by sockets I mean OpenSIPS listeners. Even with one > IP, > you can have something like PUB:5060->NAT->PRIV:5070 and have > OpenSIPS > listening on PRIV:5070 (with advertise for external traffic) and > PRIV:5060 for internal. > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS eBootcamp 23rd May - 3rd June 2022 > https://opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 4/1/22 5:38 PM, Karsten Wemheuer wrote: > > Hi Bogdan-Andrei, > > > > unfortunately, only one interface is available for communication to > > the > > phones. > > > > For the single interface I have two sockets, one for UDP and one > > for > > TLS. TLS is used to access local phones and those over NAT. > > > > listen = udp:10.0.2.3 > > listen = tls:10.0.2.3:5061 > > > > The way that doesn't work is a call coming from the PBX via UDP and > > going to a phone via TLS behind a NAT. How can I influence the > > CANCEL > > request here, especially if it comes internally from OpenSIPs? > > > > Maybe I should use another port for the public side. Than it should > > be > > possible to use two sockets for tls. > > > > Thanks again. > > > > Best regards, > > Karsten > > > > Am Freitag, dem 01.04.2022 um 17:04 +0300 schrieb Bogdan-Andrei > > Iancu: > > > Oh, so you have traffic both from public and private network, > > > right ? > > > If > > > so, you have 2 options: > > > > > > 1) use a single socket, without advertise and use the script > > > advertise > > > function depending on the source of the call - see > > > set_advertised_address() [1] > > > > > > 2) use 2 sockets, one for public traffic, with advertise and one > > > for > > > the > > > internal traffic, without advertise. For each call, control the > > > outbound > > > interface via the $socket_out variable [2] > > > > > > My 2 cents, (1) may be too complicated as the > > > set_advertised_address() > > > function as a message level scope, so you need to take care and > > > do > > > it > > > for each and every single request of the call. With (2) you need > > > to > > > do > > > it only for the initial request (INVITE) as the sockets are > > > remembered > > > for the whole duration of the call by the Record Route mechanism. > > > > > > [1] > > > https://www.opensips.org/Documentation/Script-CoreFunctions-3-2#set_advertised_address > > > [2] > > > https://opensips.org/Documentation/Script-CoreVar-3-2#socket_out > > > > > > Best Regards, > > > > > > Bogdan-Andrei Iancu > > > > > > OpenSIPS Founder and Developer > > > https://www.opensips-solutions.com > > > OpenSIPS eBootcamp 23rd May - 3rd June 2022 > > > https://opensips.org/training/OpenSIPS_eBootcamp_2022/ > > > > > > On 3/31/22 7:27 PM, Karsten Wemheuer wrote: > > > > Hi Bogdan-Andrei, > > > > > > > > in case of global advertising is active and set to the natted > > > > address > > > > the advertised address is used, but this leads to problems > > > > using > > > > phones > > > > in the LAN. > > > > > > > > As written in my other post: Without setting the advertise > > > > address > > > > and > > > > port, I have a problem with the phones behind NAT. Is it > > > > possible > > > > to > > > > manipulate the route before in a branch or something like that? > > > > > > > > Regards, > > > > > > > > Karsten > > > > > > > > Am Donnerstag, dem 31.03.2022 um 18:53 +0300 schrieb Bogdan- > > > > Andrei > > > > Iancu: > > > > > Hi Karsten, > > > > > > > > > > You say the record_route() does not take into consideration > > > > > the > > > > > global > > > > > advertising ?? > > > > > > > > > > Regards, > > > > > > > > > > Bogdan-Andrei Iancu > > > > > > > > > > OpenSIPS Founder and Developer > > > > > https://www.opensips-solutions.com > > > > > OpenSIPS eBootcamp 23rd May - 3rd June 2022 > > > > > https://opensips.org/training/OpenSIPS_eBootcamp_2022/ > > > > > > > > > > On 3/31/22 6:22 PM, Karsten Wemheuer wrote: > > > > > > Hi Bogdan-Andrei, > > > > > > > > > > > > many thanks for Your help. > > > > > > > > > > > > I tried with record_route. It doesn't work for me, as I set > > > > > > "advertised_address" and "advertised_port" to the natted > > > > > > address of > > > > > > the > > > > > > (only) interface. I wasn't able to avoid this. It seemed to > > > > > > be > > > > > > required > > > > > > to be able to reflect the path "phone -> proxy -> pbx". > > > > > > > > > > > > I removed the "advertised"-stuff and checked again the call > > > > > > with > > > > > > record_route. Now this seems to work. > > > > > > > > > > > > I think, I have to fix the other call flow to avoid the > > > > > > global > > > > > > setting > > > > > > of the advertised address and port. > > > > > > > > > > > > Best regards, > > > > > > > > > > > > Karsten > > > > > > > > > > > > Am Donnerstag, dem 31.03.2022 um 17:44 +0300 schrieb > > > > > > Bogdan- > > > > > > Andrei > > > > > > Iancu: > > > > > > > Hi Karsten, > > > > > > > > > > > > > > See my prev email, just to record_route() before the > > > > > > > t_relay() > > > > > > > for > > > > > > > the > > > > > > > initial INVITE. And the loose_route() stuff for whatever > > > > > > > sequential/in-dialog requests. > > > > > > > > > > > > > > Best regards, > > > > > > > > > > > > > > Bogdan-Andrei Iancu > > > > > > > > > > > > > > OpenSIPS Founder and Developer > > > > > > > https://www.opensips-solutions.com > > > > > > > OpenSIPS eBootcamp 23rd May - 3rd June 2022 > > > > > > > > > > > > > > https://opensips.org/training/OpenSIPS_eBootcamp_2022/ > > > > > > > > > > > > > > On 3/31/22 2:50 PM, Karsten Wemheuer wrote: > > > > > > > > Hi*, > > > > > > > > > > > > > > > > I have a understanding problem regarding branches and > > > > > > > > call > > > > > > > > forking. > > > > > > > > A call from a PBX is to be routed to phone(s) via > > > > > > > > OpenSIPS. > > > > > > > > The > > > > > > > > phones > > > > > > > > are registered to OpenSIPs. > > > > > > > > > > > > > > > > INVITE --> lookup ----> 1. Destination > > > > > > > > | > > > > > > > > \--> 2. Destination > > > > > > > > > > > > > > > > When the call is terminated by the caller, the BYE > > > > > > > > request > > > > > > > > shall > > > > > > > > take > > > > > > > > the same path. Currently, the BYE is sent from the PBX > > > > > > > > directly > > > > > > > > to > > > > > > > > the > > > > > > > > Contact URI (which is not reachable by the PBX). > > > > > > > > > > > > > > > > Is it possible to use record_route in the branch_route > > > > > > > > so > > > > > > > > that > > > > > > > > different record route headers are used? Or is there > > > > > > > > another > > > > > > > > way? > > > > > > > > > > > > > > > > Thanks in advance, > > > > > > > > > > > > > > > > Karsten > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > Users mailing list > > > > > > > > [email protected] > > > > > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > _______________________________________________ > > > > > > Users mailing list > > > > > > [email protected] > > > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > _______________________________________________ > > > > Users mailing list > > > > [email protected] > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
