Hello All,
I am trying to connect Kamailio over WSS and the error I get is
"tls_accept: client did not present a certificate" . It works fine for WS,
however Please guide me to connect over WSS.
the following are the logs i See..
DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake
started
DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...
ay 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
[tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL handshake done
May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
[tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL disable renegotiation
May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
[tls_server.c:411]: tls_accept(): TLS accept successful
May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
[tls_server.c:418]: tls_accept(): tls_accept: new connection from
sunilmore.in:49703 using TLSv1/SSLv3 AES256-SHA 256
May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
[tls_server.c:421]: tls_accept(): tls_accept: local socket:
sunilmore.in:10082
May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
[tls_server.c:432]: tls_accept(): tls_accept: client did not present a
certificate
And the websocket closes. Please help.
Thanking You,
Sunil More
Ph : 9503338275
Hi
Im trying to remove my Asterisk s= line on SDP but when doing:
sdp_remove_line_by_prefix("s=Asterisk");
Nothing happens.
Loaded sdpops.so module as well.
Is there any additional needed?
BR
Hello,
I'm after some help on third-party SIP registration in Kamailio - specifically, how to perform registration of user agents that don't register themselves, but only send out occasional messages. The UAs not registering themselves are devices on a GSM network that try to save band-width by not sending REGISTER requests for themselves. They only ever send out SIP messages when necessary, to which they expect a reply message from our processing server.
(Note, details like external IP addresses have been changed for security.)
The configuration is as follows. We have a SIP server running Kamailio (4.3, location db enabled, nathelper enabled) on a static external IP address (50.170.158.149), a processing server on an internal network registered with the SIP server (let's say with a User agent name of '1000'), and a monitoring device in another part of the country connected to the internet via a GSM network (let's say User agent name of '2000'). The device is effectively NAT'd on the GSM provider's private network.
At some point the device (UA 2000) sends a SIP message to the processing server via Kamailio (to sip:1000@50.170.158.149). The processing server is registered, so the SIP server knows where it is and forwards the message accordingly. 200/OK replies propagate back successfully to the device.
The message flow appear as below. Only relevant header fields are shown:
Message received by the SIP server from remote device:
========
IP Src:60.250.149.198, Dst:50.170.158.149
UDP Src Port: 59177, Dst Port: 5060
--
Request-Line: MESSAGE sip:1000@50.170.158.149
Via: SIP/2.0/UDP 10.92.240.131:5060;branch=z9hG4bK...
To: <sip:1000@50.170.158.149>
From: <sip:2000@10.92.240.131>;tag=7a82c48a
========
Message forwarded from SIP server, received by processing server as shown:
========
IP Src:50.170.158.149, Dst: 192.168.0.235
UDP Src Port:5060, Dst Port:5060
--
Request-Line: MESSAGE sip:1000@50.170.158.146:5060; ob SIP/2.0
Via: SIP/2.0/UDP 50.170.158.149;branch=z9hG...
Via: SIP/2.0/UDP 10.92.240.131:5060;rport=59177;received=60.250.149.198;branch=z9hG...
To: <sip:1000@50.170.158.149>
From: <sip:2000@10.92.240.131>;tag=7a82c48a
========
The processing server now needs to send back a reply message to the remote, unregistered device which is NATd on the GSM internal network. We can do this by sending back a reply to the external IP address and rport values found in the second Via header of the message received by the processing server (60.250.149.198, port 59177). The reply can only be sent from the SIP server or the GSM network's router will ignore it - it's only a temporary reply address/port open for a minute or so as it's effectively just a NAT route to the internet.
In the first instance, when the processing server attempts to send back a message to the remote device via the SIP server, the SIP server replies with a 404 as the remote device hasn't registered and the SIP server has no idea where to send it.
After looking at RFC3261 my conclusion was that we must get the processing server to perform a third-party registration on behalf of the remote device before we can send a reply message back to that device.
My understanding is that to perform the third party registration I should send a REGISTER request from our processing server to the SIP server:
1) Set the 'From' field to the AOR of the UA performing the registration (which is the processing server, 1000).
2) Set the 'To' field to the AOR of the UA being registered (i.e. the remote device, 2000).
3) Add a 'Contact' header field set to the IP address and port of the remote device (from Via = 60.250.149.198 port 59177).
The message flow for the register is as follows (only relevant header fields shown):
Processing server sends a register request to the SIP Server:
========
Request-Line: REGISTER sip:50.170.158.149 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.235:5060;rport;branch=z9hG...
From: <sip:1000@50.170.158.149>;tag=e6e2d70...
To: <sip:2000@50.170.158.149>
Contact: <sip:2000@60.250.149.198:59177>
========
SIP server responds to the processing server with a 401 unauthorized response containing the auth header field (nonce challenge):
========
WWW-Authenticate: Digest realm="50.170.158.149", nonce="VytkJ1crIvu4ekGp/M4mnRlYmJRciF3N"
========
Processing server sends a revised register request to the SIP Server, augmented with the authorisation header for the supplied nonce:
========
Request-Line: REGISTER sip:50.170.158.149 SIP/2.0
Via: SIP/2.0/UDP 50.170.158.146:1096; rport;branch=z9hG4...
From: <sip:1000@50.170.158.149>;tag=dae68a...
To: <sip:2000@50.170.158.149>
Contact: <sip:2000@60.250.149.198:59177>
Authorization: Digest username="1000", realm="50.170.158.149", nonce="VytkJ1crIvu4ekGp/M4mnRlYmJRciF3N" response="d4d7ffba8..."
========
However, the SIP Server again responds with a 401 and won't perform the third-party registration. I haven't been able to determine why. I *think* the response hash the processing server is sending back is correct. I'm using PJSIP on our processing server to perform all SIP functionality. The processing server does obviously register itself, the difference being that the To and From fields are the same (<sip:1000@50.170.158.149>) and there is no Contact header.
I'm at the point now of being unable to find any information or examples on how third-party registration requests should be performed - apart from RFC3261, which doesn't really describe the process very well.
Can anyone tell me why the third-party registration would fail, despite replying with the authorisation header? Does Kamailio first need to be configured to allow third-party reg somehow? Alternatively, should I be attempting to send back SIP messages to unregistered devices in some other fashion?
I hope someone can help or point me in the right direction.
As an aside, when the device (UA2000) is plugged into a network via ethernet, it does then perform its own registration and everything works - messages go back and forth without issue.
Hi
I have it working but i have re-read documentation and do not see how to do
what i need.
I explain it :)
Now i have only one LCR provider and i need to add a backup one.
I do not know if its enough to add under same lcr_id or its better to add
with different one and add several lcr_rule and lcr_rule_target
Acordding to next_gw() function, what is better to be used? In my case. a
primary providers is used and only a backup one for the momment.
Thanks for your help
Alberto
Hello:
I use kamailio as my SIP signal proxy, and media-proxy as RTP relayer.
It works well at many situations. But when it comes to two layer of NAT(a
user behind two layer of NAT), I got a single way media(the sip signal
layer was ok). I can’t hear the voice of user who behinds two layer of NAT,
but he can hear the voice of mine.
Most part of my kamailio config is default, and simply enable media-proxy
by engage_media_proxy():
if (is_method("INVITE") && !has_totag()) {
engage_media_proxy();
}
And in my UAC/UAS side, I use PJSIP.
Can anybody give me some help?
Any suggestion will be appreciated!
Hello,
I use kamailio set up an IMS on a cloud server in a public network, and have
alice and bob registered on the server using ImsDroid in a private network.
When I use alice to call bob, I got "User offline" error.
Below are .pcap file captured from 4060 port and
pcscf.log/icscf.log/scscf.log and all config files(in kamailio.zip)
4060.pcap <http://sip-router.1086192.n5.nabble.com/file/n148166/4060.pcap>
pcscf.log <http://sip-router.1086192.n5.nabble.com/file/n148166/pcscf.log>
icscf.log <http://sip-router.1086192.n5.nabble.com/file/n148166/icscf.log>
scscf.log <http://sip-router.1086192.n5.nabble.com/file/n148166/scscf.log>
kamailio.zip
<http://sip-router.1086192.n5.nabble.com/file/n148166/kamailio.zip>
My kamailio version and debian operating system version is like below:
root@iZ94lg22es7Z:~# kamailio -version
version: kamailio 4.4.0 (x86_64/linux) d4f23c
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: d4f23c
compiled on 13:02:46 May 5 2016 with gcc 4.9.2
root@iZ94lg22es7Z:~#
root@iZ94lg22es7Z:~# cat /etc/issue
Debian GNU/Linux 8 \n \l
root@iZ94lg22es7Z:~#
Can anybody give me some help?
Any suggestion will be appreciated!
--
View this message in context: http://sip-router.1086192.n5.nabble.com/User-offline-tp148166.html
Sent from the Users mailing list archive at Nabble.com.
Hello Community,
in my scenario works multiple user with the kamailio server and uses different clients. They work in a mobile scenario and setup the clients and break the clients in a high period. If they break the clients, sometimes they don't send a bye, but they take off the cable connection during a call. If these devices will connected again and other clients try to call them, they are busy. That is my problem :). Does the Kamailio server provides any function to send a bye message if a clients don't register at a required time? Or is there another solution available?
Thanks for help.
Cheers,
Kai
Hello,
We are currently using kamailio sip_capture module, and then we need to
create a Wireshark file (pcap format)from fields in the database.
As we noticed in sip_capture table there is msg fields that contains only
the sip content.
And in order to create our file we need to have the entire packet and not
part of it.
We are hopefully asking if you can give us a hand with that , beside the
Homer project, what we actually wanted is to know if there is another module
in kamailio that store the entire packet captured and not only the part of
it.
Regards,
Ali Taher
