Hi!
I've the following setup: Teleco <-> Kamailio <-> Asterisk(s)
The proxy has one public IP (say 1.2.3.4) and one private (10.0.0.1). The asterisk-pbx:es has private adresses (10.0.0.2 in this example)
I noticed that if I bind like this in kamilio.cfg listen=tcp:1.2.3.4:5060 listen=udp:1.2.3.4:5060 listen=tcp:10.0.0.1:5060 listen=udp:10.0.0.1:5060
Then if a call comes in from the Telco to Kamailio (1.2.3.4), kamailio should forward the SIP-packet from it's private address (10.0.0.1) to asterisk (10.0.0.2)
However, the source address of the packets sent from Kamilio to Asterisk is wrong - it uses the public ip. Like this (tcpdump output):
15:02:08.999642 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:09.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:10.474524 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:12.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346
Obviously kamailio doesn't get any answers here. The packet goes out of the right interface, but with the wrong src-address.
However, if I remove the lines with "listen=" in kamailio.cfg to allow kamilio to bind to all interfaces the src-address is correct and everything works!
(I've also done some tests with icmp and telnet and the src-addr seems right in all these cases.)
Is this a bug or am I missing something here?
On Jun 27, 2013, at 9:50 AM, Johan Wilfer lists@jttech.se wrote:
Hi!
I've the following setup: Teleco <-> Kamailio <-> Asterisk(s)
The proxy has one public IP (say 1.2.3.4) and one private (10.0.0.1). The asterisk-pbx:es has private adresses (10.0.0.2 in this example)
I noticed that if I bind like this in kamilio.cfg listen=tcp:1.2.3.4:5060 listen=udp:1.2.3.4:5060 listen=tcp:10.0.0.1:5060 listen=udp:10.0.0.1:5060
Then if a call comes in from the Telco to Kamailio (1.2.3.4), kamailio should forward the SIP-packet from it's private address (10.0.0.1) to asterisk (10.0.0.2)
However, the source address of the packets sent from Kamilio to Asterisk is wrong - it uses the public ip. Like this (tcpdump output):
15:02:08.999642 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:09.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:10.474524 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:12.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346
Obviously kamailio doesn't get any answers here. The packet goes out of the right interface, but with the wrong src-address.
However, if I remove the lines with "listen=" in kamailio.cfg to allow kamilio to bind to all interfaces the src-address is correct and everything works!
(I've also done some tests with icmp and telnet and the src-addr seems right in all these cases.)
Is this a bug or am I missing something here?
It sounds like what you want is force_send_socket:
http://www.kamailio.org/wiki/cookbooks/4.0.x/core#force_send_socket
andrew
2013-06-27 16:08, Andrew Mortensen skrev:
On Jun 27, 2013, at 9:50 AM, Johan Wilfer lists@jttech.se wrote:
Hi!
I've the following setup: Teleco <-> Kamailio <-> Asterisk(s)
The proxy has one public IP (say 1.2.3.4) and one private (10.0.0.1). The asterisk-pbx:es has private adresses (10.0.0.2 in this example)
I noticed that if I bind like this in kamilio.cfg listen=tcp:1.2.3.4:5060 listen=udp:1.2.3.4:5060 listen=tcp:10.0.0.1:5060 listen=udp:10.0.0.1:5060
Then if a call comes in from the Telco to Kamailio (1.2.3.4), kamailio should forward the SIP-packet from it's private address (10.0.0.1) to asterisk (10.0.0.2)
However, the source address of the packets sent from Kamilio to Asterisk is wrong - it uses the public ip. Like this (tcpdump output):
15:02:08.999642 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:09.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:10.474524 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:12.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346
Obviously kamailio doesn't get any answers here. The packet goes out of the right interface, but with the wrong src-address.
However, if I remove the lines with "listen=" in kamailio.cfg to allow kamilio to bind to all interfaces the src-address is correct and everything works!
(I've also done some tests with icmp and telnet and the src-addr seems right in all these cases.)
Is this a bug or am I missing something here?
It sounds like what you want is force_send_socket:
http://www.kamailio.org/wiki/cookbooks/4.0.x/core#force_send_socket
andrew
Hi Andrew, Thanks for the tip!
My kamailio get the routing from a database, and then rewrites the R-URI with $ru = "sip: ...";. And then Kamailio resolve this domain and does all the magic. :-)
If I need to script a code-path for all these different cases I think the best way for me is to remove the listen=...-directives. Because I just want the src-address to be the "right" address (the same as the interface). Right now kamailio uses the right interface for the destination, but uses the source-ip of another interface.
Is there a reason Kamailio just pick one address (of random? the first?) of all addresses when using "listen=", but can determine the right src-address when no "listen="-lines are present?
If this is a limitation with the listen-directive, I guess it's better to bind to all (no listen=) and use iptables to block access to some of the addresses, correct?
27 jun 2013 kl. 16:44 skrev Johan Wilfer lists@jttech.se:
2013-06-27 16:08, Andrew Mortensen skrev:
On Jun 27, 2013, at 9:50 AM, Johan Wilfer lists@jttech.se wrote:
Hi!
I've the following setup: Teleco <-> Kamailio <-> Asterisk(s)
The proxy has one public IP (say 1.2.3.4) and one private (10.0.0.1). The asterisk-pbx:es has private adresses (10.0.0.2 in this example)
I noticed that if I bind like this in kamilio.cfg listen=tcp:1.2.3.4:5060 listen=udp:1.2.3.4:5060 listen=tcp:10.0.0.1:5060 listen=udp:10.0.0.1:5060
Then if a call comes in from the Telco to Kamailio (1.2.3.4), kamailio should forward the SIP-packet from it's private address (10.0.0.1) to asterisk (10.0.0.2)
However, the source address of the packets sent from Kamilio to Asterisk is wrong - it uses the public ip. Like this (tcpdump output):
15:02:08.999642 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:09.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:10.474524 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:12.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346
Obviously kamailio doesn't get any answers here. The packet goes out of the right interface, but with the wrong src-address.
However, if I remove the lines with "listen=" in kamailio.cfg to allow kamilio to bind to all interfaces the src-address is correct and everything works!
(I've also done some tests with icmp and telnet and the src-addr seems right in all these cases.)
Is this a bug or am I missing something here?
It sounds like what you want is force_send_socket:
http://www.kamailio.org/wiki/cookbooks/4.0.x/core#force_send_socket
andrew
Hi Andrew, Thanks for the tip!
My kamailio get the routing from a database, and then rewrites the R-URI with $ru = "sip: ...";. And then Kamailio resolve this domain and does all the magic. :-)
If I need to script a code-path for all these different cases I think the best way for me is to remove the listen=...-directives. Because I just want the src-address to be the "right" address (the same as the interface). Right now kamailio uses the right interface for the destination, but uses the source-ip of another interface.
Is there a reason Kamailio just pick one address (of random? the first?) of all addresses when using "listen=", but can determine the right src-address when no "listen="-lines are present?
If this is a limitation with the listen-directive, I guess it's better to bind to all (no listen=) and use iptables to block access to some of the addresses, correct?
Have you enabled multihoming? http://www.kamailio.org/wiki/cookbooks/4.0.x/core#mhomed
/O
2013-06-27 16:53, Olle E. Johansson skrev:
27 jun 2013 kl. 16:44 skrev Johan Wilfer lists@jttech.se:
2013-06-27 16:08, Andrew Mortensen skrev:
On Jun 27, 2013, at 9:50 AM, Johan Wilfer lists@jttech.se wrote:
Hi!
I've the following setup: Teleco <-> Kamailio <-> Asterisk(s)
The proxy has one public IP (say 1.2.3.4) and one private (10.0.0.1). The asterisk-pbx:es has private adresses (10.0.0.2 in this example)
I noticed that if I bind like this in kamilio.cfg listen=tcp:1.2.3.4:5060 listen=udp:1.2.3.4:5060 listen=tcp:10.0.0.1:5060 listen=udp:10.0.0.1:5060
Then if a call comes in from the Telco to Kamailio (1.2.3.4), kamailio should forward the SIP-packet from it's private address (10.0.0.1) to asterisk (10.0.0.2)
However, the source address of the packets sent from Kamilio to Asterisk is wrong - it uses the public ip. Like this (tcpdump output):
15:02:08.999642 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:09.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:10.474524 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346 15:02:12.474525 IP 1.2.3.4.sip > 10.0.0.1.5060: SIP, length: 1346
Obviously kamailio doesn't get any answers here. The packet goes out of the right interface, but with the wrong src-address.
However, if I remove the lines with "listen=" in kamailio.cfg to allow kamilio to bind to all interfaces the src-address is correct and everything works!
(I've also done some tests with icmp and telnet and the src-addr seems right in all these cases.)
Is this a bug or am I missing something here?
It sounds like what you want is force_send_socket:
http://www.kamailio.org/wiki/cookbooks/4.0.x/core#force_send_socket
andrew
Hi Andrew, Thanks for the tip!
My kamailio get the routing from a database, and then rewrites the R-URI with $ru = "sip: ...";. And then Kamailio resolve this domain and does all the magic. :-)
If I need to script a code-path for all these different cases I think the best way for me is to remove the listen=...-directives. Because I just want the src-address to be the "right" address (the same as the interface). Right now kamailio uses the right interface for the destination, but uses the source-ip of another interface.
Is there a reason Kamailio just pick one address (of random? the first?) of all addresses when using "listen=", but can determine the right src-address when no "listen="-lines are present?
If this is a limitation with the listen-directive, I guess it's better to bind to all (no listen=) and use iptables to block access to some of the addresses, correct?
Have you enabled multihoming? http://www.kamailio.org/wiki/cookbooks/4.0.x/core#mhomed
Olle, you are the king. Thank you!
With mhomed=1 it works with the listen-directives.
Greetings from Västkusten :-)
27 jun 2013 kl. 17:04 skrev Johan Wilfer lists@jttech.se:
Have you enabled multihoming? http://www.kamailio.org/wiki/cookbooks/4.0.x/core#mhomed
Olle, you are the king. Thank you!
You are welcome!
With mhomed=1 it works with the listen-directives.
Great!
Greetings from Västkusten :-)
Greetings from Sollentuna!
/O
-
Andrew Mortensen -
Johan Wilfer -
Olle E. Johansson