Hi,

be aware, that IPSec for VoLTE does not work for NAT.

Thanks,
Carsten
--
Carsten Bock I CTO & Founder

ng-voice GmbH

Trostbrücke 1 I 20457 Hamburg I Germany
T +49 179 2021244 I www.ng-voice.com

Registry Office at Local Court Hamburg, HRB 120189
Managing Directors: Dr. David Bachmann, Carsten Bock



Am Mo., 14. Nov. 2022 um 16:09 Uhr schrieb Oleg Belousov <obelousov@gmail.com>:
Hi, Hossein.
Increased privileges for proxy container, now can see records in both SPD and SAD, but still ipsec is not established. Possible because UE is behind NAY - will check that either. Thanks for your advice.
# ip xfrm state count
         SAD count 28
# ip xfrm policy count
         SPD IN  16 OUT 16 FWD 0

Hi, Giovanni.
Thank you. Yes, I saw that fork and am going to try it as well. Not quite clear why those patches not included onto the main release.


On Mon, Nov 14, 2022 at 11:07 AM Giovanni Maruzzelli <gmaruzz@gmail.com> wrote:
Hello,

you may also want to check Supreeth ipsec patches :


-giovanni

On Fri, Nov 11, 2022 at 1:44 PM Oleg Belousov <obelousov@gmail.com> wrote:
Hi,  Hossein.
No, there are not. The output of these two commands is just empty. Should enable it?

On Thu, Nov 10, 2022 at 9:08 PM H Yavari <hyavari@rocketmail.com> wrote:
Hi Oleg,

Can you check the ipsec SA in the OS and see that SA and policies are there or not:
>> ip x s l
>> ip x p l

BR,
Hossein

On Thursday, November 10, 2022 at 03:12:34 AM PST, Oleg Belousov <obelousov@gmail.com> wrote:


Hi.
Working on ims integration with the actual handset, have got a problem with ipsec establishment to complete registration. 

Initial steps are fine, including diameter exchange and 401 (with security server details) toward UE. On the next step UE and kamailio should establish ipsec connection, and UE to submit the next register with a response. As per trace UE is trying to establish the same (can see initial TCP SYN encapsulated onto ESP), using port-s, provided in Security-Server, but get an ICMP packet from server with destination/protocol unreachable. No more info either in P-SCSF log, no in kern.log. Proxy is listening to that port, it is tcp and available over telnet, so should not be a connectivity issue.
Please let know if any ideas how to troubleshoot that further,
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users