Hi,
We're currently testing Kamailio 5.5.3 on Debian 11 compiled with RADCLI
and we're experiencing an issue with radius authentication:
Feb 23 08:54:22 redacted /sbin/kamailio[817172]: WARNING: <script>: RADIUS
auth failed for redacted (IP:redacted:5060)
Feb 23 08:54:22 redacted /sbin/kamailio[817173]: radcli: rc_avpair_new:
rc_avpair_new: no attribute 1/1 in dictionary
Feb 23 08:54:22 redacted2 /sbin/kamailio[817173]: ERROR: auth_radius
[sterman.c:204]: add_cisco_vsa(): unable to add …
[View More]Cisco-AVPair attribute
I don't believe this is directly a Kamailio issue but enabling debug
logging hasn't revealed any clues ( The log lines remain the same without
additional info ) This was working previously on 5.5.X on Debian 9
Has anyone experienced this before or have any suggestions on where to
start looking?
Thanks
[View Less]
I'm testing with this kamailio version:
$ kamcmd version
kamailio 5.5.4 (x86_64/linux) 54c9df
on:
$ cat /etc/issue
Debian GNU/Linux 11 \n \l
with:
$ openssl version
OpenSSL 1.1.1k 25 Mar 2021
Whenever I start kamailio I get 3199 log lines like this:
2022-03-10T10:04:39.700676+09:00 lab002201-flip-server
/usr/local/src/git/kamailio-5.5/src/kamailio[261703]: CRITICAL: <core>
[core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer
(0x7f8eb57f7848), called from tls: …
[View More]tls_init.c: ser_free(323), first free
tls: tls_init.c: ser_free(323) - ignoring
I searched the issues at github and found:
https://github.com/kamailio/kamailio/issues/2560https://github.com/kamailio/kamailio/issues/2912
So I tried to start kamailio with
--atexit=no
but those logs remain.
With and without using --atexit=no there is no crash and all my tests are
OK.
But should I be worried to put this in production?
[View Less]
Hello
i try to fix one endpoint, it does neet do have a
a=rtpmap:116 telephone-event/8000
a=fmtp:116 0-15
sometimes i got:
a=rtpmap:115 telephone-event/8000
and sometimes:
a=rtpmap:114 telephone-event/8000
a=fmtp:114 0-15
so - should i use txtops and search for fmtp, and use
search_append_body ?
ifsearch_body(re) does not find 'a=fmtp:95' (95..127 - dynamic payload
here), or am I reinventing the wheel again ? Any hints?
--
Krzysztof Drewicz
Senior Infrastructure Administrator
CLUDO | ul.…
[View More] Grochowska 306/308, 03-840 Warszawa
t+48221223977
kdrewicz(a)cludo.pl | www.cludo.pl
[View Less]
Thanks for your time in advance!
When dealing with multiple headers in different formats, i.e.
Diversion: <sip:foo>, <sip:bar>
$hdrc(Diversion) returns 1 header instead of 2. Is this expected
behavior? What is the best way to manage all scenarios of possible
multiple header values? It seems currently there is no easy way to iterate
over ALL diversion headers, including scenarios like the following below:
Diversion: <sip:abc>
or
Diversion: <sip:abc>, <sip:def&…
[View More]gt;
or
Diversion: <sip:abc>
Diversion: <sip:def>, <sip:ghi>
etc.
- Brandon
[View Less]
Hello,
Kamailio SIP Server v5.4.8 stable release is out.
This is a maintenance release of the latest stable branch, 5.4, that
includes fixes since the release of v5.4.7. There is no change to
database schema or configuration language structure that you have to do
on previous installations of v5.4.x. Deployments running previous v5.4.x
versions are strongly recommended to be upgraded to v5.4.8.
Note that 5.4 is the second last stable branch, still officially maintained
by Kamailio development …
[View More]team. The latest stable branch is 5.5, with
v5.5.4 being release out of it.
For more details about version 5.4.8 (including links and guidelines to
download the tarball or from GIT repository), visit:
* https://www.kamailio.org/w/2022/03/kamailio-v5-4-8-released/
RPM, Debian/Ubuntu packages will be available soon as well.
Many thanks to all contributing and using Kamailio!
Cheers,
Daniel
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online
March 28-31, 2022 (Europe Timezone)
* https://www.asipto.com/sw/kamailio-advanced-training-online/
[View Less]
Hello,
I am planning to release a new version from branch 5.4, respectively
5.4.8, sometime next week, likely on Wednesday or Thursday (Mar 9/10, 2022).
If anyone is aware of issues not yet reported to bug tracker or missing
backports, report them in order to try to get the fixes in this release.
Cheers,
Daniel
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online
March 28-31, 2022 (Europe Timezone)
* https://www.asipto.com/sw/kamailio-advanced-training-online/
Hi Everyone,
I have Kamailio sitting between MS Teams and Asterisk, and using rtpengine to terminate SRTP on Kamailio so that all my internal traffic is unencrypted. My current config works fine for inbound calls where I initiate the INVITE and Teams responds, but if Teams sends the INVITE I am having an issue where SRTP cannot finish negotiating. Non SRTP calls work fine with RTPEngine as well, so it's just the RTP to SRTP I am struggling with.
According to this I believe I must pass a=…
[View More]crypto in response to the INVITE which also has a=crypto: https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=40…
You can see that in the initial invite from Teams, I get RTP/SAVP with a=crypto, but I do not send one in my OK response after 183 Session In Progress. As below - I am wondering if it's because not all audio channels seem to be getting swapped to SAVP?
I'd like to do a generic SRTP <> RTP bridge config (I've tried below). However, I am not 100% sure on how to detect when to swap between AVP and SAVP, so I've also tried just doing rtpengine_manage() and relying on other code to swap between SAVP or AVP *only* when going to/from Teams to keep it simple. I also tried both with and without "replace-origin replace-session-connection ICE=remove" but I still get the same behaviour in all cases.
Any advice appreciated, as this is my first time dealing with SRTP (and rtpengine). Feeling very stuck. Thanks!
branch_route[MANAGE_BRANCH] {
...
route(NATMANAGE);
route(HANDLE_SRTP);
}
onreply_route[MANAGE_REPLY] {
xdbg("incoming reply\n");
if(status=~"[12][0-9][0-9]") {
route(NATMANAGE);
}
route(HANDLE_SRTP);
}
route[HANDLE_SRTP] {
if (!has_body("application/sdp")) {
return;
}
rtpengine_manage();
return; # As a test, just do rtpengine_manage() and set SAVP/AVP elsewhere. Same behaviour.
# Handle bridging of RTP and SRTP
# Inbound traffic to SBC should be converted from SRTP to RTP
if (proto==TLS) {
rtpengine_manage("RTP/AVP");
# Outbound traffic destined to a TLS destination should be converted from RTP to SRTP
} else if ($ru =~ "transport=tls") {
rtpengine_manage("RTP/SAVP");
}
}
# INVITE from teams
rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/AVP");
# INVITE to teams
rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/SAVP");
INVITE sip:+614xxxx@rh.sbc-syd-01.teams.xxxx:5061;user=phone;transport=tls SIP/2.0^M
...
v=0^M
o=- 57931 0 IN IP4 127.0.0.1^M
s=session^M
c=IN IP4 52.113.76.53^M
b=CT:10000000^M
t=0 0^M
m=audio 51398 RTP/SAVP 104 9 103 111 18 0 8 97 101 13 118^M
c=IN IP4 52.113.76.53^M
a=rtcp:51399^M
a=ice-ufrag:C8ss^M
a=ice-pwd:2bV9D6GcXF5f8m0px/wufQD/^M
a=rtcp-mux^M
a=candidate:1 1 UDP 2130706431 52.113.76.53 51398 typ srflx raddr 10.0.32.179 rport 51398^M
a=candidate:1 2 UDP 2130705918 52.113.76.53 51399 typ srflx raddr 10.0.32.179 rport 51399^M
a=candidate:2 1 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M
a=candidate:2 2 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M
a=label:main-audio^M
a=mid:1^M
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:geUHLB1mshmnI5hN83bnO57Hbdm2i7dD14sDAnpA|2^31^M
a=sendrecv^M
a=rtpmap:104 SILK/16000^M
a=rtpmap:9 G722/8000^M
a=rtpmap:103 SILK/8000^M
a=rtpmap:111 SIREN/16000^M
a=fmtp:111 bitrate=16000^M
a=rtpmap:18 G729/8000^M
a=fmtp:18 annexb=no^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:97 RED/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=rtpmap:13 CN/8000^M
a=rtpmap:118 CN/16000^M
a=ptime:20^M
I correctly convert to/from RTP/AVP and RTP/SAVP for the 183 Session in progress. It is RTP/SAVP before going to Teams:
SIP/2.0 183 Session Progress^M
...
v=0^M
o=- 57931 2 IN IP4 1.2.3.4^M
s=NexusOne^M
c=IN IP4 1.2.3.4^M
t=0 0^M
m=audio 37820 RTP/SAVP 9 8 0 101^M
a=maxptime:150^M
a=mid:1^M
a=rtpmap:9 G722/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=sendrecv^M
a=rtcp:37821^M
a=ptime:20^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
But then when I send the OK after the 183, I am setting RTP/SAVP before sending to MS Teams, but not setting a=crypto:
Also note that I can see there are _some_ channels still as RTP/AVP so maybe this is part of the issue.
SIP/2.0 200 OK^M
...
v=0^M
o=- 57931 2 IN IP4 1.2.3.4^M
s=NexusOne^M
c=IN IP4 1.2.3.4^M
t=0 0^M
m=audio 37820 RTP/SAVP 9 8 0 101^M
a=maxptime:150^M
a=mid:1^M
a=rtpmap:9 G722/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=sendrecv^M
a=rtcp:37821^M
a=ptime:20^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
Rhys Hanrahan | Chief Information Officer
e: rhys(a)nexusone.com.au<mailto:rhys@nexusone.com.au>
[www.nexusone.com.au]<http://www.nexusone.com.au/> [signature_1116663581] <http://www.fusiontech.com.au/>
NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS
p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 Elizabeth Street, Sydney NSW 2000
www.nexusone.com.au<http://www.nexusone.com.au/> | www.fusiontech.com.au<http://www.fusiontech.com.au/>
The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; b. Legally privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email in error, please notify the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email.
Please consider the environment before printing this email.
[View Less]
Hi,
I'm using Kamailio 5.5.3 with a KEMI / Python based configuration on Debian
11.
In my reply route I am trying to convert a 183 to a 180 with:
KSR.textopsx.change_reply_status(180,
"Ringing")
I've noticed with TOPOS enabled, it doesn't work and I still see a 183 go
out. But with it disabled, it works as expected and it's converted to a
180. I get the same behaviour with / without msg_apply_changes()
Config looks like this:
def ksr_onreply_manage(self, msg):
KSR.info(f"…
[View More]ksr_onreply_manage\r\n")
scode = KSR.pv.get("$rs")
if KSR.permissions.allow_source_address_group()<0:
if scode == 183:
KSR.info(f"ksr_onreply_manage: Converting 183 to 180\r\n")
KSR.textopsx.change_reply_status(180, "Ringing")
KSR.textopsx.msg_apply_changes()
if scode>100 and scode<299 :
self.ksr_route_natmanage(msg)
return 1
The debug log doesn't reveal anything too obvious, I can share if its of
any use.
Does anyone have any suggestions?
Thanks
Matthew
[View Less]
Hi Dear
I am trying to understand how "listen" and "advertise" work for sip
signaling purpose ( corebooks : listen
<http://www.kamailio.org/wiki/cookbooks/5.4.x/core#listen> and advertise )
Flow : kamailio behind NAT using softphones on private and public networks.
- kamailio :
Network :
IPv4_private 192.168.1.6 / IPv4_public
kamailio.cfg :
listen=udp: IPv4_private: 5060 advertise IPv4_public : 5060
- uac (softphone) :
zoiper, microsip, cisco spa508g
USE CASE :
I 'd like to …
[View More]force all softphone on the same local network to reach
kamailio through a public ip address.
??? QUESTION : Do I need to REGISTER on IPv4_private address of Kamailio OR
REGISTER on IPv4_public address of kamailio or DEFINE another "listen" with
another PORT WITHOUT "advertise" for softphone on same kamailio network ?
listen=udp: IPv4_private: 5060 advertise IPv4_public : 5060
listen=udp: IPv4_private: 5066
Do I need to use "kamctl ps" to verify which interface is listening on port
?
Thanks in advance
Best Regards,
Youssef BOUJRAF
Email: yboujraf(a)gmail.com
[View Less]