6 Dec
2022
6 Dec
'22
4:31 p.m.
Dear List
In the last week I try to figure out how I can put in place a
configuration that use an edge proxy and a register by using kamailio
5.6, but i am facing some issues.
Scenario:
We are using on ubuntu 20.04, HAproxy and Kamailio 5.6.
We have configured a Kamailio register that, in the following case,
perfectly works.
______ __ __________
TLS | | TLS
| |
Client ------------------ > | NAT |-----------> | Kamalio |
in |_HAProxy | out in | Register |
|_________| | |
|________ _|
Now we want to put a kamailio edge proxy before the kamailio Register,
please take a look to the below picture
______
______ __ _________
___________
TLS | | TLS |
| TCP | |
Client ------------------ > | NAT |-----------> | Kamalio |
-------------> | Kamailio |
in |_HAProxy | out in | Edge | out
in | Register |
|_________| | Proxy
| | |
|_________| |___________|
HAproxy -> sip-test.example.com
Kamailio edge proxy -> 192.168.58.1
Kamailio Register -> 192.168.58.15
The kamailio Edge has been configured as indicated in the outbound
module example.
When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio
Register" the Record-Route and Via headers are correct and it works.
When the transaction such as MESSAGE or INVITE reach the "Kamailio
Register" it does not work and below you can see the message and the error.
Note that the Record-Route and Via headers are the same as the previous
message REGISTER and SUBSCRIBE.
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1
40742 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE
sip:s-user.02@sip-dev.example.com SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias
Max-Forwards: 69
From:
<sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To: <sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40742 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Content-Type: text/plain
Content-Length: 59
################## MESSAGE ###################
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1
40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE
sip:s-user.02@sip-dev.example.com SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias
Max-Forwards: 69
From:
<sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To: <sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40743 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Proxy-Authorization: Digest username="s-user.03",
realm="sip-dev.example.com", nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC",
uri="sip:s-user.02@sip-dev.example.com",
response="3b7c34476443e5f1125fa460a4981180",
cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth, nc=00000001
Content-Type: text/plain
Content-Length: 59
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core>
[core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced
tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1
40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]:
uri2dst2(): no corresponding socket found for "192.168.58.1" af 2
(tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1
40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]:
prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding
listening socket)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1
40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]:
t_forward_nonack(): failure to add branches
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1
40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]:
sl_reply_error(): stateless error reply used: I'm terribly sorry, server
error occurred (7/SL)
based on what we have understood in the message headers "Via" and
Record-Route" there are the right information to reach back the proxy
Edge, but looking to the error message it seems that the kamailio
register try to reach back the proxy edge through the TLS instead of
using the TCP.
Could someone put me in the right direction.
Thanks
Regards
--
------------------------------------------------------------------------
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
mobile: +39 393 9196310
tel: +39 0165 1845290
e-mail: giovanni.iamonte(a)quintetto.it
web: www.quintetto.it
6 Dec
6 Dec
4:57 p.m.
Hello,
why do you want to build it like this in the first place? Usually, Kamailio is used as the
first network element that processes the traffic from the devices. That means, its not
used behind haproxy.
If you want to use haproxy for some reasons, there is a core parameter to enable support
for the haproxy protocol. But it will not help you for this error.
This is probably caused from the Record-Route/Via contains the tls protocol. The haproxy
of course does not speak SIP, so the message contains not the headers Kamailio expect.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Giovanni Iamonte
Sent: Tuesday, December 6, 2022 2:32 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] outbound Edge Proxy
Dear List
In the last week I try to figure out how I can put in place a configuration that use an
edge proxy and a register by using kamailio 5.6, but i am facing some issues.
Scenario:
We are using on ubuntu 20.04, HAproxy and Kamailio 5.6.
We have configured a Kamailio register that, in the following case, perfectly works.
______ __ __________
TLS | | TLS | |
Client ------------------ > | NAT |-----------> | Kamalio |
in |_HAProxy | out in | Register |
|_________| | |
|________ _|
Now we want to put a kamailio edge proxy before the kamailio Register, please take a look
to the below picture
______
______ __ _________
___________
TLS | | TLS | |
TCP | |
Client ------------------ > | NAT |-----------> | Kamalio | -------------> |
Kamailio |
in |_HAProxy | out in | Edge | out in | Register
|
|_________| | Proxy | |
|
|_________|
|___________|
HAproxy -> sip-test.example.com
Kamailio edge proxy -> 192.168.58.1
Kamailio Register -> 192.168.58.15
The kamailio Edge has been configured as indicated in the outbound module example.
When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio Register"
the Record-Route and Via headers are correct and it works.
When the transaction such as MESSAGE or INVITE reach the "Kamailio Register" it
does not work and below you can see the message and the error.
Note that the Record-Route and Via headers are the same as the previous message REGISTER
and SUBSCRIBE.
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40742 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>: SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE<mailto:192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE>
sip:s-user.02@sip-dev.example.com<mailto:sip:s-user.02@sip-dev.example.com>
SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias
Max-Forwards: 69
From:
<sip:s-user.03@sip-dev.example.com><mailto:sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To:
<sip:s-user.02@sip-dev.example.com><mailto:sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40742 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Content-Type: text/plain
Content-Length: 59
################## MESSAGE ###################
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>: SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE<mailto:192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE>
sip:s-user.02@sip-dev.example.com<mailto:sip:s-user.02@sip-dev.example.com>
SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias
Max-Forwards: 69
From:
<sip:s-user.03@sip-dev.example.com><mailto:sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To:
<sip:s-user.02@sip-dev.example.com><mailto:sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40743 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Proxy-Authorization: Digest username="s-user.03",
realm="sip-dev.example.com", nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC",
uri="sip:s-user.02@sip-dev.example.com"<mailto:sip:s-user.02@sip-dev.example.com>,
response="3b7c34476443e5f1125fa460a4981180",
cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth, nc=00000001
Content-Type: text/plain
Content-Length: 59
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core> [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]: uri2dst2(): no corresponding socket found
for "192.168.58.1" af 2 (tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]: prepare_new_uac(): can't fwd to af
2, proto 3 (no corresponding listening socket)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]: t_forward_nonack(): failure to add
branches
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]: sl_reply_error(): stateless error
reply used: I'm terribly sorry, server error occurred (7/SL)
based on what we have understood in the message headers "Via" and
Record-Route" there are the right information to reach back the proxy Edge, but
looking to the error message it seems that the kamailio register try to reach back the
proxy edge through the TLS instead of using the TCP.
Could someone put me in the right direction.
Thanks
Regards
--
________________________________
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
• mobile: +39 393 9196310
• tel: +39 0165 1845290
• e-mail: giovanni.iamonte@quintetto.it<mailto:giovanni.iamonte@quintetto.it>
• web: www.quintetto.it<http://www.quintetto.it>
8:01 p.m.
------------------------------------------------------------------------
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
mobile: +39 393 9196310
tel: +39 0165 1845290
e-mail: giovanni.iamonte(a)quintetto.it
web: www.quintetto.it
On 06/12/22 14:57, Henning Westerholt wrote:
When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio
Register" the Record-Route and Via headers are correct and it works.
When the transaction such as MESSAGE or INVITE reach the "Kamailio
Register" it does not work and below you can see the message and the
error.
Note that the Record-Route and Via headers are the same as the
previous message REGISTER and SUBSCRIBE.
8:32 p.m.
Hi Henning,
For some internal policies we must use HAproxy.
In our current configuration (Haproxy -> Kamalio Register) everything
work correctly.
In our next configuration (HAproxy -> Kamailio edge proxy -> Kamalio
Register)
the Record-Route and via are the same for REGISTER, SUBSCRIBE, INVITE
and MESSAGE, see below
/Record-Route: <//sip:192.168.58.1:15006;transport=tcp;r2=on;lr//>//
//Record-Route:
<//sip:sip-test.example.com:16005;transport=tls;r2=on;lr//>//
//Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6//
//Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias/
Now the question is: why the REGISTER, SUBSCRIBE work and INVITE,
MESSAGE do not work. furthermore, since the Record- Route and VIA are
the same there is a reason why the REGISTER, SUBSCRIBE use the TCP and
INVITE, MESSAGE use the TLS.
Below the error that we can see in the kamailio log.
/Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core>
[core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced
tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]:
uri2dst2(): no corresponding socket found for "192.168.58.1" af 2
(tls:192.168.58.1:60982)//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]:
prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding
listening socket)//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]:
t_forward_nonack(): failure to add branches//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]:
sl_reply_error(): stateless error reply used: I'm terribly sorry, server
error occurred (7/SL)
/
Thanks
Regards
------------------------------------------------------------------------
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
mobile: +39 393 9196310
tel: +39 0165 1845290
e-mail: giovanni.iamonte(a)quintetto.it
web: www.quintetto.it
On 06/12/22 14:57, Henning Westerholt wrote:
Hello,
why do you want to build it like this in the first place? Usually,
Kamailio is used as the first network element that processes the
traffic from the devices. That means, its not used behind haproxy.
If you want to use haproxy for some reasons, there is a core parameter
to enable support for the haproxy protocol. But it will not help you
for this error.
This is probably caused from the Record-Route/Via contains the tls
protocol. The haproxy of course does not speak SIP, so the message
contains not the headers Kamailio expect.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/ <https://skalatan.de/blog/>
Kamailio services – https://gilawa.com <https://gilawa.com/>
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> *On Behalf Of
*Giovanni Iamonte
*Sent:* Tuesday, December 6, 2022 2:32 PM
*To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
*Subject:* [SR-Users] outbound Edge Proxy
Dear List
In the last week I try to figure out how I can put in place a
configuration that use an edge proxy and a register by using kamailio
5.6, but i am facing some issues.
Scenario:
We are using on ubuntu 20.04, HAproxy and Kamailio 5.6.
We have configured a Kamailio register that, in the following case,
perfectly works.
______ __ __________
TLS | | TLS
| |
Client ------------------ > | NAT |-----------> | Kamalio |
in |_HAProxy | out in | Register |
|_________| | |
|________ _|
Now we want to put a kamailio edge proxy before the kamailio Register,
please take a look to the below picture
______
______ __ _________ ___________
TLS | | TLS |
| TCP | |
Client ------------------ > | NAT |-----------> | Kamalio |
-------------> | Kamailio |
in |_HAProxy | out in | Edge | out
in | Register |
|_________| | Proxy |
| |
|_________| |___________|
HAproxy -> sip-test.example.com
Kamailio edge proxy -> 192.168.58.1
Kamailio Register -> 192.168.58.15
The kamailio Edge has been configured as indicated in the outbound
module example.
When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio
Register" the Record-Route and Via headers are correct and it works.
When the transaction such as MESSAGE or INVITE reach the "Kamailio
Register" it does not work and below you can see the message and the
error.
Note that the Record-Route and Via headers are the same as the
previous message REGISTER and SUBSCRIBE.
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO:
{1 40742 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE
sip:s-user.02@sip-dev.example.com SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias
Max-Forwards: 69
From: <sip:s-user.03@sip-dev.example.com>
<mailto:sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To: <sip:s-user.02@sip-dev.example.com>
<mailto:sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40742 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Content-Type: text/plain
Content-Length: 59
################## MESSAGE ###################
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE
sip:s-user.02@sip-dev.example.com SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias
Max-Forwards: 69
From: <sip:s-user.03@sip-dev.example.com>
<mailto:sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To: <sip:s-user.02@sip-dev.example.com>
<mailto:sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40743 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Proxy-Authorization: Digest username="s-user.03",
realm="sip-dev.example.com",
nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC",
uri="sip:s-user.02@sip-dev.example.com"
<mailto:sip:s-user.02@sip-dev.example.com>,
response="3b7c34476443e5f1125fa460a4981180",
cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth, nc=00000001
Content-Type: text/plain
Content-Length: 59
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
WARNING: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core>
[core/forward.c:228]: get_send_socket2(): protocol/port mismatch
(forced tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]:
uri2dst2(): no corresponding socket found for "192.168.58.1" af 2
(tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]:
prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding
listening socket)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]:
t_forward_nonack(): failure to add branches
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl
[sl_funcs.c:372]: sl_reply_error(): stateless error reply used: I'm
terribly sorry, server error occurred (7/SL)
based on what we have understood in the message headers "Via" and
Record-Route" there are the right information to reach back the proxy
Edge, but looking to the error message it seems that the kamailio
register try to reach back the proxy edge through the TLS instead of
using the TCP.
Could someone put me in the right direction.
Thanks
Regards
--
------------------------------------------------------------------------
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
(mobile: +39 393 9196310
(tel: +39 0165 1845290
+e-mail: giovanni.iamonte(a)quintetto.it
[web: www.quintetto.it <http://www.quintetto.it>
8:46 p.m.
Hello,
Interesting policy indeed.
You need to look to your configuration and see the place where the error is caused. It
looks that its come from a forward() call or a function that calls this internally.
Add some more debug log and then evaluate what you actually send out and to which
destination. Then you can also see why this happens.
The reason why some requests work and some not are probably the different behaviour of the
request and also the different logic in your Kamailio cfg.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: Giovanni Iamonte <iamonte(a)quintetto.it>
Sent: Tuesday, December 6, 2022 6:33 PM
To: Henning Westerholt <hw(a)gilawa.com>om>; Kamailio (SER) - Users Mailing List
<sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] outbound Edge Proxy
Hi Henning,
For some internal policies we must use HAproxy.
In our current configuration (Haproxy -> Kamalio Register) everything work
correctly.
In our next configuration (HAproxy -> Kamailio edge proxy -> Kamalio
Register)
the Record-Route and via are the same for REGISTER, SUBSCRIBE, INVITE and MESSAGE, see
below
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias
Now the question is: why the REGISTER, SUBSCRIBE work and INVITE, MESSAGE do not work.
furthermore, since the Record- Route and VIA are the same there is a reason why the
REGISTER, SUBSCRIBE use the TCP and INVITE, MESSAGE use the TLS.
Below the error that we can see in the kamailio log.
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core> [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]: uri2dst2(): no corresponding socket found
for "192.168.58.1" af 2 (tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]: prepare_new_uac(): can't fwd to af
2, proto 3 (no corresponding listening socket)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]: t_forward_nonack(): failure to add
branches
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]: sl_reply_error(): stateless error
reply used: I'm terribly sorry, server error occurred (7/SL)
Thanks
Regards
________________________________
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
• mobile: +39 393 9196310
• tel: +39 0165 1845290
• e-mail: giovanni.iamonte@quintetto.it<mailto:giovanni.iamonte@quintetto.it>
• web: www.quintetto.it<http://www.quintetto.it>
On 06/12/22 14:57, Henning Westerholt wrote:
Hello,
why do you want to build it like this in the first place? Usually, Kamailio is used as the
first network element that processes the traffic from the devices. That means, its not
used behind haproxy.
If you want to use haproxy for some reasons, there is a core parameter to enable support
for the haproxy protocol. But it will not help you for this error.
This is probably caused from the Record-Route/Via contains the tls protocol. The haproxy
of course does not speak SIP, so the message contains not the headers Kamailio expect.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: sr-users
<sr-users-bounces@lists.kamailio.org><mailto:sr-users-bounces@lists.kamailio.org>
On Behalf Of Giovanni Iamonte
Sent: Tuesday, December 6, 2022 2:32 PM
To: Kamailio (SER) - Users Mailing List
<sr-users@lists.kamailio.org><mailto:sr-users@lists.kamailio.org>
Subject: [SR-Users] outbound Edge Proxy
Dear List
In the last week I try to figure out how I can put in place a configuration that use an
edge proxy and a register by using kamailio 5.6, but i am facing some issues.
Scenario:
We are using on ubuntu 20.04, HAproxy and Kamailio 5.6.
We have configured a Kamailio register that, in the following case, perfectly works.
______ __ __________
TLS | | TLS | |
Client ------------------ > | NAT |-----------> | Kamalio |
in |_HAProxy | out in | Register |
|_________| | |
|________ _|
Now we want to put a kamailio edge proxy before the kamailio Register, please take a look
to the below picture
______
______ __ _________
___________
TLS | | TLS | |
TCP | |
Client ------------------ > | NAT |-----------> | Kamalio | -------------> |
Kamailio |
in |_HAProxy | out in | Edge | out in | Register
|
|_________| | Proxy | |
|
|_________|
|___________|
HAproxy -> sip-test.example.com
Kamailio edge proxy -> 192.168.58.1
Kamailio Register -> 192.168.58.15
The kamailio Edge has been configured as indicated in the outbound module example.
When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio Register"
the Record-Route and Via headers are correct and it works.
When the transaction such as MESSAGE or INVITE reach the "Kamailio Register" it
does not work and below you can see the message and the error.
Note that the Record-Route and Via headers are the same as the previous message REGISTER
and SUBSCRIBE.
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40742 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>: SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE<mailto:192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE>
sip:s-user.02@sip-dev.example.com<mailto:sip:s-user.02@sip-dev.example.com>
SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias
Max-Forwards: 69
From:
<sip:s-user.03@sip-dev.example.com><mailto:sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To:
<sip:s-user.02@sip-dev.example.com><mailto:sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40742 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Content-Type: text/plain
Content-Length: 59
################## MESSAGE ###################
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>: SIPMessage-in-request =
192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE<mailto:192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE>
sip:s-user.02@sip-dev.example.com<mailto:sip:s-user.02@sip-dev.example.com>
SIP/2.0
Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias
Max-Forwards: 69
From:
<sip:s-user.03@sip-dev.example.com><mailto:sip:s-user.03@sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
To:
<sip:s-user.02@sip-dev.example.com><mailto:sip:s-user.02@sip-dev.example.com>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
CSeq: 40743 MESSAGE
Accept: text/plain, application/im-iscomposing+xml
Proxy-Authorization: Digest username="s-user.03",
realm="sip-dev.example.com", nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC",
uri="sip:s-user.02@sip-dev.example.com"<mailto:sip:s-user.02@sip-dev.example.com>,
response="3b7c34476443e5f1125fa460a4981180",
cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth, nc=00000001
Content-Type: text/plain
Content-Length: 59
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core> [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]: uri2dst2(): no corresponding socket found
for "192.168.58.1" af 2 (tls:192.168.58.1:60982)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]: prepare_new_uac(): can't fwd to af
2, proto 3 (no corresponding listening socket)
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]: t_forward_nonack(): failure to add
branches
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR: {1 40743 MESSAGE
YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]: sl_reply_error(): stateless error
reply used: I'm terribly sorry, server error occurred (7/SL)
based on what we have understood in the message headers "Via" and
Record-Route" there are the right information to reach back the proxy Edge, but
looking to the error message it seems that the kamailio register try to reach back the
proxy edge through the TLS instead of using the TCP.
Could someone put me in the right direction.
Thanks
Regards
--
________________________________
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
• mobile: +39 393 9196310
• tel: +39 0165 1845290
• e-mail: giovanni.iamonte@quintetto.it<mailto:giovanni.iamonte@quintetto.it>
• web: www.quintetto.it<http://www.quintetto.it>
717
days inactive
717
days old
4 comments
2 participants
participants (2)
-
Giovanni Iamonte -
Henning Westerholt