Re: [SR-Users] Integration with multiple MS Teams instances

Hello, are u using letsencrypt?

U can use a multi domain.

Muti domain names in one certificate

Outlook voor Androidhttps://aka.ms/AAb9ysg downloaden ________________________________ From: sr-users sr-users-bounces@lists.kamailio.org on behalf of Володимир Іванець volodyaivanets@gmail.com Sent: Thursday, July 29, 2021 4:44:16 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: [SR-Users] Integration with multiple MS Teams instances

Hello all!

I was able to connect Kamailio with MS Teams and now trying to add one more Teams instance. It looks like I have some misconfiguration or there is a bug.

My test server has 2 domain records pointing at it (kamailio.domain1.comhttp://kamailio.domain1.com and kamailio.domain2.comhttp://kamailio.domain2.com). My tls.cfg configuration file looks like this. As you can see the Default section is configured with a kamailio.domain1.comhttp://kamailio.domain1.com sertificate: [server:default] method = TLSv1.0+ require_certificate = no verify_certificate = no private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pemhttp://kamailio.domain1.com/server/key.pem certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pemhttp://kamailio.domain1.com/server/cert.pem ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pemhttp://kamailio.domain1.com/CA/cert.pem

[client:default] method = TLSv1.0+ require_certificate = no verify_certificate = no private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pemhttp://kamailio.domain1.com/server/key.pem certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pemhttp://kamailio.domain1.com/server/cert.pem ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pemhttp://kamailio.domain1.com/CA/cert.pem

[server:172.16.30.206:5062http://172.16.30.206:5062] method = TLSv1.0+ require_certificate = no verify_certificate = no private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pemhttp://kamailio.domain1.com/server/key.pem certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pemhttp://kamailio.domain1.com/server/cert.pem ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pemhttp://kamailio.domain1.com/CA/cert.pem server_name = "kamailio.domain1.comhttp://kamailio.domain1.com" server_id = ""kamailio.domain1.comhttp://kamailio.domain1.com"

[client:172.16.30.206:5062http://172.16.30.206:5062] method = TLSv1.0+ require_certificate = no verify_certificate = no private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pemhttp://kamailio.domain1.com/server/key.pem certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pemhttp://kamailio.domain1.com/server/cert.pem ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pemhttp://kamailio.domain1.com/CA/cert.pem

[server:172.16.30.206:5063http://172.16.30.206:5063] method = TLSv1.0+ require_certificate = no verify_certificate = no private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pemhttp://kamailio.domain2.com/server/key.pem certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pemhttp://kamailio.domain2.com/server/cert.pem ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pemhttp://kamailio.domain2.com/CA/cert.pem server_name = "kamailio.domain2.comhttp://kamailio.domain2.com" server_id = ""kamailio.domain2.comhttp://kamailio.domain2.com"

[client:172.16.30.206:5063http://172.16.30.206:5063] method = TLSv1.0+ require_certificate = no verify_certificate = no private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pemhttp://kamailio.domain2.com/server/key.pem certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pemhttp://kamailio.domain2.com/server/cert.pem ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pemhttp://kamailio.domain2.com/CA/cert.pem

The dispatcher configuration table looks like this: +----+-------+----------------------------------------------+-------+----------+--------------------------------------------------------------------+-------------+ | id | setid | destination | flags | priority | attrs | description | +----+-------+----------------------------------------------+-------+----------+--------------------------------------------------------------------+-------------+ | 1 | 1 | sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls | 0 | 3 | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.comhttp://kamailio.domain1.com | MS Teams 1 | | 2 | 2 | sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls | 0 | 3 | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.comhttp://kamailio.domain2.com | MS Teams 2 | +----+-------+----------------------------------------------+-------+----------+--------------------------------------------------------------------+-------------+

When Kamailio is started only connection with the first trunk is established: # kamcmd tls.list { id: 1 timeout: 0 src_ip: 52.114.75.24 src_port: 5061 dst_ip: 172.16.30.206 dst_port: 0 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 0 src_ip: 52.114.75.24 src_port: 7810 dst_ip: 172.16.30.206 dst_port: 5062 cipher: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 596 src_ip: 52.114.75.24 src_port: 7811 dst_ip: 172.16.30.206 dst_port: 5062 cipher: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }

Here is what I can see in Kamailio log file when it sends an OPTIONS request to the second trunk. Kamailio uses Default tls configuration and MS Teams don't accept it: Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063http://172.16.30.206:5063 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:352]: t_run_local_req(): apply new updates without Via to sip msg Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/msg_translator.c:1796]: check_boundaries(): no multi-part body Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request: Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg(): method: <OPTIONS> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg(): uri: <sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg(): version: <SIP/2.0> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls] Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls>^M ], to tag (0)[] Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:185]: get_hdr_field(): content_length=0 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request: Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg(): method: <OPTIONS> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg(): uri: <sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg(): version: <SIP/2.0> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls] Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls>^M ], to tag (0)[] Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:189]: uac_refresh_hdr_shortcuts(): cseq: [CSeq: 10] Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1498]: tcpconn_add(): hashes: 2831:67:0, 1 Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): xavp with outbound server name not found Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn []) Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f3550b7a568: (nil) Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started ...

If I change the Default configuration to use kamailio.domain2.comhttp://kamailio.domain2.com certificate, the second trunk will connect but the first one will fail. I tried to set "$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)" variables to the event_route[tm:local-request] section but log still stated that server Name and ID were not found.

Can someone please point me in the right direction, how can I make Kamailio use the correct certificates when establishing multiple TLS connections?

Thanks a lot!

Regards, Volodymyr Ivanets