26 May
2022
26 May
'22
8:12 a.m.
### Description
Hello,
I have faced an issue when mhomed working well only for udp destinations, and I believe
that it is a bug.
I have kamailio behind NAT with two network interfaces and I make a call from a softphone
to kamailio and change $rd on kamailio side.
If kamailio forward call to the UDP destination, mhomed option chooses the correct Via and
the correct interface for sending. But if the destination is tls, mhomed chooses first
described listen interface from the config file (as described in the documentation.
#### The example
So in my example when I call to sip:111@kamailio_ip kamailio going to send this call to
$rd="1.1.1.1" and set Via and Record-Route to 10.0.0.32 (it is ok, because IP
route to 1.1.1.1 via 10.0.0.32)
when I call to sip:1111@kamailio_ip kamailio going to send this call to
$rd="192.168.10.100:5061;transport=tls" BUT set Via and Record-Route to
10.0.0.32 (this is wrong because IP route to 192.168.10.100 is 192.168.10.145), but if in
config file the first listen interface is 192.168.10.145, kamailio sends Via correct.
#### Networking
<img width="743" alt="image"
src="https://user-images.githubusercontent.com/1487709/170417427-573f4…
<img width="511" alt="image"
src="https://user-images.githubusercontent.com/1487709/170417453-0a392…
#### Kamailio config
```
auto_aliases=yes
mhomed=1
tcp_connection_match=1 # I have tried with and without this option
listen=udp:10.0.0.32:5060
listen=tls:10.0.0.32:5061
listen=udp:192.168.10.145:5060
listen=tls:192.168.10.145:5061
.....
modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 1)
#modparam("rr", "enable_double_rr", 2) # I have tried with and without
this option
.....
# routing
if $rU == "111" {
$rd="1.1.1.1";
} else {
$rd="192.168.10.100:5061;transport=tls";
}
route(RELAY);
```
#### Reproduction
I have created a testing stand with almost default kamailio config so I can give full ssh
access if you need it.
I just call from linphone to sip:111@server_ip and sip:1111@server_ip
#### SIP Traffic
<img width="554" alt="image"
src="https://user-images.githubusercontent.com/1487709/170420217-882d2…
```
INVITE sip:111@1.1.1.1 SIP/2.0
Record-Route: <sip:10.0.0.32;lr=on;ftag=GRIfZymtj;nat=yes>
Via: SIP/2.0/UDP 10.0.0.32;branch=z9hG4bKc662.d4fa02b9991c45869263fc4359af8d84.0
Via: SIP/2.0/UDP
10.5.7.0:52360;received=210.1.88.115;branch=z9hG4bK.mH58YeIkv;rport=35775
From: <sip:akam@10.5.7.0>;tag=GRIfZymtj
To: sip:111@130.61.43.152
CSeq: 20 INVITE
Call-ID: FR3BLskG9-
Max-Forwards: 69
Supported: replaces, outbound, gruu
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO, PRACK,
UPDATE
Content-Type: application/sdp
Content-Length: 613
```
<img width="584" alt="image"
src="https://user-images.githubusercontent.com/1487709/170420360-a7889…
```
INVITE sip:1111@192.168.10.100:5061;transport=tls SIP/2.0
Record-Route: <sip:10.0.0.32:5061;transport=tls;r2=on;lr=on;ftag=cIRc7nj00;nat=yes>
Record-Route: <sip:10.0.0.32;r2=on;lr=on;ftag=cIRc7nj00;nat=yes>
Via: SIP/2.0/TLS 10.0.0.32:5061;branch=z9hG4bK6a2.4ff69c3e304e238936a5528da681cd49.0
Via: SIP/2.0/UDP
10.5.7.0:52360;received=210.1.88.115;branch=z9hG4bK.BPohOzqtI;rport=35775
From: <sip:akam@10.5.7.0>;tag=cIRc7nj00
To: sip:1111@130.61.43.152
CSeq: 20 INVITE
Call-ID: 40PEbKneY0
```
### Additional Information
```
root@mhomed-tls:/etc/kamailio# kamailio -v
version: kamailio 5.5.4 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST,
DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535,
DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 9.3.0
```
* **Operating System**:
```
Ubuntu 20.04.4 LTS
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3124
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3124(a)github.com>
![src="https://user-images.githubusercontent.com/1487709/170417427-573f4…](http://src="https://user-images.githubusercontent.com/1487709/170417427-573f4038-b214-407e-907b-ed66b1f1d060.png%22%3E){kind=link}
![src="https://user-images.githubusercontent.com/1487709/170417453-0a392…](http://src="https://user-images.githubusercontent.com/1487709/170417453-0a3925bf-bab4-4784-b3e7-6acfd4e35d93.png%22%3E){kind=link}
![src="https://user-images.githubusercontent.com/1487709/170420217-882d2…](http://src="https://user-images.githubusercontent.com/1487709/170420217-882d236b-243f-4ffd-ae9a-7afe80222e22.png%22%3E){kind=link}
![src="https://user-images.githubusercontent.com/1487709/170420360-a7889…](http://src="https://user-images.githubusercontent.com/1487709/170420360-a7889e57-b072-4220-9d28-0dcd39eb860b.png%22%3E){kind=link}
30 May
30 May
11:49 a.m.
With tcp/tls connections, the client cannot enforce source ip/port, it is a matter of the
kernel/tcp/ip stack. You can control ip routing rules on your system to not allow
connection from a specific network interface to a target network address, but it is out of
kamailio control.
If you want to discuss more, email to sr-users(a)lists.kamailio.org.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3124#issuecomment-1140881584
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3124/1140881584(a)github.com>
11:49 a.m.
Closed #3124 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3124#event-6701098704
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issue/3124/issue_event/6701098704(a)github.com>
913
days inactive
917
days old
2 comments
2 participants
participants (2)
-
Aidar -
Daniel-Constantin Mierla