### Description
For secure websocket connections (wss), Kamailio seems to forget that the connection is
secure, later trying to use a regular TCP `listen` option to send out messages.
I'd be happy to propose a patch, but I'm not sure what the expected behavior of
Kamailio would be here.
Setup:
- One Kamailio acting as websocket endpoint with TLS configured, forwarding all packets
via udp to another kamailio
- Another Kamailio handling all dialplan logic, including registers/invites
We have traced the issue:
- Client sends a `REGISTER` over secure websockets
- Kamailio1 forwards this to Kamailio 2, with `Path: <sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws>`
- Kamailio 2 stores the AOR in database using `registrar.store`
- In the location table, we can see `received = sip:1.1.1.1:11111;transport=ws`
- We try to send a SIP INVITE to the WebRTC client
- Kamailio 2 creates invite, adds header `Route: ` with option `transport=ws`
- INVITE arrives at Kamailio 1, which forwards it to the client using `t_relay`
- Kamailio 1 ends up in `get_send_socket2`, with parameter `proto = ws`
- Following the source code, we end up [here](https://github.com/kamailio/kamailio/blob/master/src/core/forward.c#L…), this will end up picking `sendipv4_tcp` as `send_sock`
- This picks a *TCP* listener, while in fact we need a *TLS* listener
- As a result, the outgoing message contains a wrong endpoint in the `Record-Route`
header, causing issues in the SIP dialog later on
### Troubleshooting
#### Reproduction
Reproducing from scratch requires quite some setup, hopefully the above information will
be enough to diagnose.
#### Debugging Data
See above.
#### Log Messages
See above.
#### SIP Traffic
See above, can provide exact SIP traces if required.
### Possible Solutions
We have been able to work around the issue like this:
```
if (pcre_match("$(hdr(Route)[0]{nameaddr.uri}{uri.param,received})", "%3Btransport%3Dws")) {
    # Kamailio bug?
    # in the received parameter of the route header, there is ';transport=ws'
    # so kamailio starts looking for a *tcp* connection, while it should be looking for a *tls*
    # connection.
    xlog("L_NOTICE", "Websocket detected; forcing wss transport");
    set_send_socket("tls:WEBSOCKET_IP:WEBSOCKET_PORT");
}
```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
Tested with 5.4.4, but code doesn't seem to be changed in master.
* **Operating System**:
Ubuntu Focal.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3340
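The following is an added example, not part of the original report and not Kamailio code. It decodes the `received` parameter from the `Path` value quoted in the trace and shows that the stored `transport=ws` value alone cannot tell a TLS-backed websocket from a plain TCP one. The function names and the `conn_is_tls` connection table are hypothetical, constructed for illustration.

```python
from urllib.parse import unquote
import re

def received_from_route(header_value):
    """Return the percent-decoded `received` URI of the first Route/Path entry, or None."""
    m = re.search(r"<([^>]+)>", header_value)
    uri = m.group(1) if m else header_value.split(",")[0].strip()
    for param in uri.split(";")[1:]:
        name, _, value = param.partition("=")
        if name.strip().lower() == "received":
            return unquote(value)
    return None

def parse_sip_uri(uri):
    """Split scheme:host:port;k=v into its parts (IPv4 or hostname only)."""
    scheme, _, rest = uri.partition(":")
    hostport, *params = rest.split(";")
    host, _, port = hostport.partition(":")
    parsed = {}
    for p in params:
        k, _, v = p.partition("=")
        parsed[k.lower()] = v.lower()
    return {"scheme": scheme.lower(), "host": host,
            "port": int(port) if port else None, "params": parsed}

def naive_listener_proto(received_uri):
    """Choice described in the report: a ws destination is sent from a TCP listener."""
    transport = parse_sip_uri(received_uri)["params"].get("transport", "udp")
    return "tcp" if transport == "ws" else transport

def listener_proto(received_uri, conn_is_tls):
    """Choose the listener protocol using a connection table (assumption of this
    example): {(ip, port): True if the client connection is TLS}."""
    u = parse_sip_uri(received_uri)
    transport = u["params"].get("transport", "udp")
    if transport != "ws":
        return transport
    secure = conn_is_tls.get((u["host"], u["port"]))
    if secure is None:
        return None  # unknown connection: do not guess a transport
    return "tls" if secure else "tcp"

# Path value as quoted in the report; the connection table is constructed sample data.
PATH = "<sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws>"
CONNS = {("1.1.1.1", 11111): True}
```
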