It becomes stranger. I've managed to put in letsencrypt cert. No better. After that i started sipdump. OK, pings to microsoft were using local IP of kamalio server. Added a few "listen" directives to config to fix it.
Well, now dispatcher still shows bad status. Teams admin center also shows inactive. But when someone makes a test call from Teams, I get the traffic! Like this:
|||||||||||||||||||| ==================== tag: rcv pid: 81575 process: 30 time: 1594204711.307233 date: Wed Jul 8 13:38:31 2020 proto: tls ipv4 srcip: 52.114.148.0 srcport: 10176 dstip: dstport: 5061 ~~~~~~~~~~~~~~~~~~~~ INVITE sip:+...@domain.com:5061;user=phone;transport=tls SIP/2.0^M FROM: Sergey A. Smirnovsip:+...@sip.pstnhub.microsoft.com:5061 ;user=phone;tag=3c0c73c49b334dad885ed8383d9bfd02^M TO: sip:+...@domain.com:5061;user=phone^M CSEQ: 1 INVITE^M CALL-ID: f90cfaf1cc465256a58910806c85e7e3^M MAX-FORWARDS: 70^M VIA: SIP/2.0/TLS 52.114.148.0:5061;branch=z9hG4bK38865678^M RECORD-ROUTE: sip:sip-du-a-us.pstnhub.microsoft.com:5061 ;transport=tls;lr^M CONTACT: sip:api-du-c-euno.pstnhub.microsoft.com:443 ;x-i=61bae769-d23e-498b-800d-f1e258214d96;x-c=f90cfaf1cc465256a58910806c85e7e3/d/10/bf778faf9b964e8cb1ff2ad03b4abd68^M CONTENT-LENGTH: 1133^M MIN-SE: 300^M SUPPORTED: timer^M USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2020.7.1.9 i.USWE2.0^M CONTENT-TYPE: application/sdp^M ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY^M SESSION-EXPIRES: 3600^M ^M v=0^M o=- 247300 0 IN IP4 127.0.0.1^M s=session^M c=IN IP4 52.113.47.185^M b=CT:10000000^M t=0 0^M m=audio 51320 RTP/SAVP 104 117 9 103 111 18 0 8 97 101 13 118^M c=IN IP4 52.113.47.185^M a=rtcp:51321^M a=ice-ufrag:V73X^M a=ice-pwd:KGyenWsebt1f6QY6CiwAoQzA^M a=rtcp-mux^M a=candidate:1 1 UDP 2130706431 52.113.47.185 51320 typ srflx raddr 10.0.32.202 rport 51320^M a=candidate:1 2 UDP 2130705918 52.113.47.185 51321 typ srflx raddr 10.0.32.202 rport 51321^M a=candidate:2 1 tcp-act 2121006078 52.113.47.185 49152 typ srflx raddr 10.0.32.202 rport 49152^M a=candidate:2 2 tcp-act 2121006078 52.113.47.185 49152 typ srflx raddr 10.0.32.202 rport 49152^M a=label:main-audio^M a=mid:1^M a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:vKSpeCodqNjmTXOlZUjJCgW1YXXGmmAzYg/RqziH|2^31^M a=sendrecv^M a=rtpmap:104 SILK/16000^M a=rtpmap:117 G722/8000/2^M a=rtpmap:9 G722/8000^M a=rtpmap:103 SILK/8000^M a=rtpmap:111 SIREN/16000^M a=fmtp:111 bitrate=16000^M a=rtpmap:18 G729/8000^M a=fmtp:18 annexb=no^M a=rtpmap:0 PCMU/8000^M a=rtpmap:8 PCMA/8000^M a=rtpmap:97 RED/8000^M a=rtpmap:101 telephone-event/8000^M a=fmtp:101 0-16^M a=rtpmap:13 CN/8000^M a=rtpmap:118 CN/16000^M a=ptime:20^M |||||||||||||||||||| |||||||||||||||||||| ==================== tag: snd pid: 81575 process: 30 time: 1594204711.311578 date: Wed Jul 8 13:38:31 2020 proto: tls ipv4 srcip: srcport: 5061 dstip: 52.114.148.0 dstport: 5061 ~~~~~~~~~~~~~~~~~~~~ SIP/2.0 404 Not Found^M FROM: Sergey A. Smirnovsip:+...@sip.pstnhub.microsoft.com:5061 ;user=phone;tag=3c0c73c49b334dad885ed8383d9bfd02^M TO: sip:+...@domain.com:5061 ;user=phone;tag=e69338500f192915ee9e9b54c3e94a3c-e71d1853^M CSEQ: 1 INVITE^M CALL-ID: f90cfaf1cc465256a58910806c85e7e3^M VIA: SIP/2.0/TLS 52.114.148.0:5061;branch=z9hG4bK38865678^M Server: kamailio (5.3.5 (x86_64/linux))^M Content-Length: 0^M
Well, I get that 404 is because I have no forward route to my pstn. But shouldn't I rely on dispatchers output? Also all these "inactive" make me worried.
ср, 8 июл. 2020 г. в 10:32, Karsten Horsmann khorsmann@gmail.com:
Hi,
Yeah they told you that. But I got it working with letsencrypt. It's an easy and harmless try before you bumping your head on the desk in case of tls debugging.
BTW I remember that you can sniff ms teams ssl/tls handshake with ssldump.
And if teams is happy with there option pings to you the direct routing shows up as okay (AFAIK).
Роман С. highlandy@gmail.com schrieb am Mi., 8. Juli 2020, 09:07:
Hm, letsencrypt is out of supported CA list :/ I will give it a try and roll over to sipdump if it fails. Thank you guys.
вт, 7 июл. 2020 г. в 21:19, Karsten Horsmann khorsmann@gmail.com:
Hi there,
my teams tls problems with wildcard certs are gone after I did the an letsencrypt cert fqdn based cn.
Did you tried that?
Cheers Karsten
Роман С. highlandy@gmail.com schrieb am Di., 7. Juli 2020, 11:46:
Hello. I'm trying to set up Kamailio as SBC for Teams using https://skalatan.de/en/blog/kamailio-sbc-teams. Setup is completely default (except things mentioned at article), but I use wildcard certificate for TLS. Well, I can't even pass dispatcher:
kamcmd dispatcher.list | egrep "RI|FLAG" URI: sip: sip.pstnhub.microsoft.com;transport=tls FLAGS: IP PRIORITY: 3 URI: sip: sip2.pstnhub.microsoft.com;transport=tls FLAGS: IP PRIORITY: 2 URI: sip: sip3.pstnhub.microsoft.com;transport=tls FLAGS: IP PRIORITY: 1
Where do I start to dig? _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users