trying to use

            msg_apply_changes();
            subst_hf("Via","/TCP/TLS/","f");

But as i don't seem to have access the top-most via, i can'it doesn't work... i cam change the incoming Via, but not the outgoing...
I need this urgently.. any help anyone?

 
Sergey,

Thanks for pointing me to the PR but that's not exactly what i need, let me explain:

We have an AWS an NLB on which our clients connect to and terminate TLS connections and from then on into our proxies it is TCP. Now when clients send invites (with TLS in their VIA as protocol) and we reply to them (because the socket is TCP) I need to set the protocol on the Via to be TLS. Otherwise, the client would not understand. This message or will believe that it's not. about the same connection

I haven't figured out a way of doing this since it can't get the actual VIA that will be sent out. I've tried on the onsend_route (enabling onsend_route_reply)

Help is greatly appreciated!


Regards,

David Villasmil
phone: +34669448337


On Thu, May 30, 2024 at 11:44 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
HEllo Sergey,

i can send one. yes.

Regards,

David Villasmil
phone: +34669448337


On Thu, May 23, 2024 at 5:14 PM Sergey Safarov <s.safarov@gmail.com> wrote:
Hi David
Could you send PCAP for an inbound call via TCP connection?

Sergey

On Thu, May 23, 2024 at 5:53 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
it's still in progress though.
Regards,

David Villasmil
phone: +34669448337


On Thu, May 23, 2024 at 4:51 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
Thanks, I'll check it out!
Regards,

David Villasmil
phone: +34669448337


On Thu, May 23, 2024 at 4:16 PM Sergey Safarov <s.safarov@gmail.com> wrote:
We have tested this PR using the Linphone app.
So your case will be resolved using this PR.
Need to enable HAproxy protocol headers.

On Wed, May 22, 2024 at 4:36 PM Sergey Safarov <s.safarov@gmail.com> wrote:
Please try Kamailio PR
https://github.com/kamailio/kamailio/pull/3731

We have developed this PR for use case you have described.
We have tested Route and Record-Route headers not Via.
So will provide some review for this PR then will be fine.

On Wed, May 22, 2024 at 2:22 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
Hello Sergey,

Thanks for the suggestion. Not sure if his is what i'm looking for, allow me to explain further:
We set up an NetworkLoadBalancer on AWS to offload tls on it. This Load balancer is a TLS listener on the outside and a TCP connection to the proxy inside.
So when sending an INVITE to the connected client, the via has a TCP protocol like

Via: SIP/2.0/TCP mydomain:port;branch=z9hG4bKf176.53ac8af0d7090a31e44548f15ea420ff.0

and the client (linphone) disconnects and tries to contact the proxy on that address on a TCP socket, which doesn't exist. I tried many solutions none of which actually work... last one setting $du =$du + ";transport=tls" and forcing the socket to the TCP socket to the load balancer, but of course i'm getting warnings about this.

is this something that PR (not merged) would be addressing, i didn't see that.
If not, is there a way of doing this without any trickery?

Thanks!

Regards,

David Villasmil
phone: +34669448337


On Wed, May 22, 2024 at 12:16 PM Sergey Safarov <s.safarov@gmail.com> wrote:
Probable you need this PR

Or you can try
In this PR we faced the same issue and solved this.


On Wed, May 22, 2024 at 3:43 AM David Villasmil via sr-users <sr-users@lists.kamailio.org> wrote:
Hello Anthony, did you solve this problem? I'm facing the same problem

Thanks!
Regards,

David Villasmil
phone: +34669448337


On Mon, Feb 5, 2018 at 5:57 AM Anthony Alba <ascanio.alba7@gmail.com> wrote:
I have kamailio behind a TLS termination proxy so the sockets are correctly deduced to be TCP. However the clients only talk TLS to the proxy and are confused when the top Via header added by Kamailio is TCP. Is there a way for Kamailio to forcibly pretend its protocol is TLS? Like advertised_address but "advertised_protocol"  instead. 

(With pjsip testing: it has a flag use_tls which ignores TCP from Kamailio and continues to use the persistent TLS transport to proxy. Linphone fails because it tries to honor TCP in Via and is unable to establish TCP transport). 

BTW I am using t_relay_to_tcp so Kamailio will return traffic to the proxy as TCP even though the contact addresses specify transport=TLS.
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe: