Hi,
I have a scenario where I got a firewall with 3 interfaces: internal, DMZ and external. All the traffic from internal going to external is NATed. However, the traffic between internal and DMZ is NOT NATed. The external and DMZ are using public IP addresses. On the DMZ I have a Kamailio server running with RTPProxy + NAT Helper.
Everything works fine when public (from the internet) users (UAs) are behind NAT as Kamailio will force the RTP to go via RTPProxy. However, when the public user has a public IP, it will fail to establish the RTP to a user who registered on Kamailio coming from the internal firewall interface.
The reason is that, as I don't do NAT between internal and DMZ firewall interfaces, Kamailio will not RTPRroxy in between the UAs because, from the way Kamailio detects NAT, they are not behind NAT. So the public user UA tries to reach a private IP address. If the "inside" user tries to call a public user (a user on the Internet with a public IP), it works.
Yes, I could do NAT in between the internal and DMZ firewall interfaces. However, this would force all RTP traffic of my UAs at the LAN go to Kamailio RTPProxy, an bad effect that I would like to avoid.
So my question is: what would be the best approach to solve this issue using Kamailio and RTPProxy in such scenario?
Cheers!
Moacir
Hi,
do you know what happens if the database for siptrace is not reachable ? I
assume siptrace is non-blocking in new versions of kamailio, but is there
any buffer? Or insert queries are discarded when timed out ?
Mino
Hello,
I'm trying to address a problem where sometimes our upstream providers have slow call setup times. We use drouting with multiple providers for each route to handle failover in the event of an outage but in this case, we get a 100 Trying but sometimes a 18[03] response takes 4-5 seconds or we never get it because the caller cancels the request. What would be a "safe" amount of time to allow a PSTN gateway to reply with a 180/183? What I'm trying to avoid is a scenario where the PSTN legitimately takes a long time to setup (i.e. an international call to some cell phone providers) and we needlessly failover which will actually increase the post dial delay for the user.
My thought is this for example:
route[PSTN] {
t_set_fr(1000); # set fr timer to 1 second so we failover quickly if no provisional response
t_on_reply("PSTN_REPLY");
# Routing logic
}
onreply_route[PSTN_REPLY] {
if (status=~"1[0-9][0-9]") {
t_set_fr(4000); # set fr timer to 4 seconds
}
if (status=~"18[03]") {
t_reset_fr(); # reset timer if we get a 180 or 183
}
}
Also, if we failover because of slow call setup for a particular route, I'd like to temporarily avoid that gateway for that route (but only that route).
I'm curious if anyone has any pointers or how they solved this.
Thanks,
Spencer
I have attempted to add users as per documentation.
kamctl add <username> <password> <email>
However, Kamailio responds with the following:
-- command 'add|passwd|rm' - manage subscribers
add <username> <password> .......... add a new subscriber (*)
passwd <username> <passwd> ......... change user's password (*)
rm <username> ...................... delete a user (*)
Is the option to add user with email address etc still available
in the current release of 3.3
Thanks
Kellon
Thanks Anton, Fred, Jeremy thanks for the suggestions. The problem was the firewall. I don't know why I didn't think of it. I learnt one other thing also the use of kamctl monitor. Just two other problems at the moment. I'll start a new thread for them
Dear All
I have modified kamailio,cfg and compiled all the modules with TLS enabled,
and able to bring up the kamailio proxy properly.
Kamailio proxy will receive the REGISTER message from endpoints in UDP ,
and want to send this REGISTER message to another intermediate proxy in
TLS. For this purpose, I have added few lines in kamailio.cfg file as below.
I have created the certificates, private keys as explained by README file
in kamailio-3.1.5/modules/tls/ path.
if(is_method("REGISTER"))
{
t_relay_to("tls:115.114.48.75:443");
exit();
}
Looks like this is taking effect. When Kamailio receives REGISTER message
it is trying to do handshake with intermediate proxy.
I used wireshark to see the handshake messages.
1. From Kamailio proxy, a TCP SYNC message is going to intermediate proxy.
2. intermediate proxy sends SYNC + ACK
3. Kamailio sends CLIENT HELLO
4. intermediate proxy sends SERVER HELLO, CERTIFICATE and SERVER HELLO DONE
5. The Kamailio sends ALERT (Level: Fatal, Description: Unknown CA) --->
IS something going wrong here..............
6. Then Kamailio sends FIN + ACK
Can somebody please let me know why the certificate verification fails (I
get this log in console).
How can I put a work around to avoid certification verification failure.
Best Regards
kamal
I have recently installed kamailio on CentOS 6.3 and configured a couple of SIP phone Linksys and Grandstream to test inercommunication. The SIP-Server/ Kamailio server ha started and is listen on port 5060. The UA are sending registered message to the SIP Server but there is no response from the SIP server. I left the syslog at default but not seeing any messages on the /var/log/messages. Can someone tell me if I have missed some configuration information. Note: I registered two users 101 and 202 using the command kamctl add 101 101. Is it possible to check whether the Users added have been added to the system??. and does anyone have any idea how to to troubleshoot a response from the Server. I am using Wireshark to monitor communication between between UA and SIP Server
Hi,
I installed kamailio 3.2.x a few times before and they were really fine. I
decided to install a fresh one and followed the instructions on
http://www.kamailio.org/wiki/install/3.3.x/git. However there is a problem:
clients cannot register to kamailio. Each registration attempt produces the
following error in the syslog:
Oct 29 20:07:38 ubuntu /usr/local/kamailio-3.3/sbin/kamailio[32421]: :
<core> [tcp_main.c:3578]: BUG: handle_ser_child: fd -1 for 0 (pid 32414)
Oct 29 20:07:38 ubuntu /usr/local/kamailio-3.3/sbin/kamailio[32421]: :
<core> [pass_fd.c:103]: ERROR: recv_all: 1st recv on 56 failed: Bad file
descriptor
Oct 29 20:07:38 ubuntu /usr/local/kamailio-3.3/sbin/kamailio[32421]: :
<core> [tcp_main.c:3363]: ERROR: handle_tcp_child: read from tcp child 0
(pid 0, no 0) Bad file descriptor [9]
Oct 29 20:07:38 ubuntu /usr/local/kamailio-3.3/sbin/kamailio[32421]: :
<core> [pass_fd.c:209]: ERROR: send_fd: sendmsg failed sending 17 on 56:
Bad file descriptor (9)
Oct 29 20:07:38 ubuntu /usr/local/kamailio-3.3/sbin/kamailio[32421]: ERROR:
<core> [tcp_main.c:4006]: ERROR: send2child: send_fd failed for
0x7f510bc41588 (flags 0x4018), fd 17
What could be the problem? Any suggestion?
In case you need, the server is ubuntu server 11.10, and I installed
including mysql and tls modules.
Hi All,
I've got a problem with Kamailio 3.3.2-1.1 on CentOS 6.3 with locally
postgresql 8.4.13-1.el6_3 libraries, connected to a remote
postgresql91-9.1.6-1PGDP.rhel6 server
The presence module tries to insert a record in the presentity table,
with some xml in the body column.
But the body value in the postgresql table is not represented as a
string '<?xml ...etc' But encodes as
'\x3c3f786d6c2076657273696f6e3d27312e302720656e636f64696e673d275554462...etc'
This gives problems when the presense module is trying to send out a
notify based on the value in the database.
With debugging, this gives the error:
Entity: line 1: parser error : Start tag expected, '<' not found
x3c3f786d6c2076657273696f6e3d27312e302720656e636f64696e673d275554462d38273f3e3c
The \x in front of the hex encodes string is not properly interpreted by
postgresql or kamailio.
The body column of the table presentity is a bytea column, and I believe
postgresql 9 outputs these bytea columns a bit differently then
postgresql 8.
When I try to run the sql statement:
insert into presentity
(domain,username,event,etag,sender,body,received_time,expires ) values
('newsip.lifexs.nl','00086','presence','a.1352107949.18632.27.0','','<?xml
version=''1.0'' encoding=''UTF-',1343534532,1345213723)
On the postgresql 9.1 server locally, I still get the '\x3c3f786d6c...
etc' value in the database.
The bytea_output setting in postgresql 9 is now standard set to 'hex' in
stead of escape.
I've changed the bytea_output setting in postgresql.conf to 'escape',
and then the presence is working without any issues.
So maybe the database module of postgresql has to be changed to pick up
these bytea encodings properly?
Because i think kamailio should work correctly with the default
postgresql settings.
With kind regards,
Robert Verspuy
--
*Exa-Omicron*
Eenspan 8-K
3897 AL Zeewolde
http://exa.nl
Hi All,
I am using kamailio as dispatcher and set up kamailio just to send 200 okay
back for the method register, I would like check if its normal for the
kamailio send another invite on the next proxy listed on my dispatcher.lst
after the first proxy process the invite and auth. Below is how the call
is being process.
user kamailio 1proxy 2proxy user2
invite |----------> |
100 | <---------- |
invite | | ---------> |
100 |<--------- |
auth |<-----------|
auth | <------------------------|
ack |------------->| ---------->|
Invite |-------------->| --------------------------> |
then process
Is there any I can limit this? or it is realy the behavior?
Thanks a lot!
Maurice
