All,

I have just setup kamailio as SPI outbound proxy, in front of Asterisk.

I'm novice with Kamailio, it's the first time I use it.

The setup is working but I need your advises:

1) When I type the "sip show peers" command in ASterisk, I see the ip address of the sip proxy. The qualify (monitoring/keepalive) seems to be sent to the sip proxy and not to the phone. Is there an alternative to directly monitor the phone  ?

localhost*CLI> sip show peers
phone2a/phone2a            <IP_SIP_PROXY>         D   N             53       OK (299 ms)     
      


2) If I use the command "localhost*CLI> sip show peer phone2a"
The ip of the phone is visible in the field  "Reg. Contact" only.
In the field "  Addr->IP", it's the IP of the SIP Proxy.

  * Name       : phone2a
  Secret       : <Set>
  MD5Secret    : <Not set>
  Remote Secret: <Not set>
  Context      : client2
  Subscr.Cont. : <Not set>
  Language     :
  AMA flags    : Unknown
  Transfer mode: open
  CallingPres  : Presentation Allowed, Not Screened
  Callgroup    :
  Pickupgroup  :
  MOH Suggest  :
  Mailbox      :
  VM Extension : *97
  LastMsgsSent : 32767/65535
  Call limit   : 0
  Max forwards : 0
  Dynamic      : Yes
  Callerid     : "" <>
  MaxCallBR    : 384 kbps
  Expire       : 554
  Insecure     : no
  Force rport  : Yes
  ACL          : No
  DirectMedACL : No
  T.38 support : No
  T.38 EC mode : Unknown
  T.38 MaxDtgrm: -1
  DirectMedia  : No
  PromiscRedir : No
  User=Phone   : No
  Video Support: No
  Text Support : No
  Ign SDP ver  : No
  Trust RPID   : No
  Send RPID    : No
  Subscriptions: Yes
  Overlap dial : Yes
  DTMFmode     : rfc2833
  Timer T1     : 500
  Timer B      : 32000
  ToHost       :
  Addr->IP     : <SIP PROXY IP>
  Defaddr->IP  : (null)
  Prim.Transp. : UDP
  Allowed.Trsp : UDP
  Def. Username: phone2a
  SIP Options  : (none)
  Codecs       : 0xa (gsm|alaw)
  Codec Order  : (gsm:20,alaw:20)
  Auto-Framing :  No
  Status       : OK (299 ms)
  Useragent    : LinphoneAndroid/2.1.2 (eXosip2/3.6.0)
  Reg. Contact : sip:phone2a@<IP PHONE>
line=8b1b24fbaaf794a
  Qualify Freq : 60000 ms
  Sess-Timers  : Accept
  Sess-Refresh : uas
  Sess-Expires : 1800 secs
  Min-Sess     : 90 secs
  RTP Engine   : asterisk
  Parkinglot   :
  Use Reason   : No
  Encryption   : No

3) I'm running a fail2ban protection to protect against scanners and my fail2ban is blocking the SIP Proxy when the threshold is reached, which means that all the clients behind the sip outbound proxy are blocked.
I think the points 1, 2, 3 are related and if the SIP Proxy could be "transparent"


Here is a debug of a register request, taken on the kamailio server
REGISTER sip:pbx-qa.mydomain.com SIP/2.0
Via: SIP/2.0/UDP <IP SIP PROXY>;branch=z9hG4bKfea4.34a8fd83.0
Via: SIP/2.0/UDP 100.96.196.103:4294;received=<IP PHONE>;rport=6738;branch=z9hG4bK1329841729
From: <sip:phone2a@mydomain.com>;tag=1870152222
To: <sip:phone2a@pbx-qa.domain.com>
Call-ID: 1455540209
CSeq: 2 REGISTER
Contact: <sip:phone2a@100.96.196.103:4294;line=c6f956d7cdb0eb5>
Authorization: Digest username="phone2a", realm="asterisk", nonce="176e8fa1", uri="sip:pbx-qa.domain.com", response="4c68e98p1ea7cb0ee81674a8384ca6e4", algorithm=MD5
Max-Forwards: 69
User-Agent: LinphoneAndroid/2.1.2 (eXosip2/3.6.0)
Expires: 600
Content-Length: 0
P-hint: outbound



Any ideas to solve my problem, to get a "more" transparent proxy ?

Regards,
Renaud Dubois