Hey guys and girls,
I'm trying to configure Kamailio so that I can communicate over it using WebRTC and SIP.
Client 1 is a softphone based on SIPJS. Client 2 is a Yealink phone. Both are registered with the Kamailio. Behind the Kamailio there is another Asterisk. The Kamailio acts as a proxy here.
So far everything works. Only if I accept the call, which is made from Client 1 to Client 2 or vice versa, then I get this error in Client 1: Called with SDP without DTLS fingerprint. I can see that the fingerprint is present in the INVITE from Client 1 to Client 2. However, it is missing in the OK.
The lower part contains my NATMANAGE config. This could probably be optimized a lot, but for now it should work. Unfortunately I have only recently started with Kamailio. I hope you can help me there. I can also send you the SIP-Log if you want to.
Many thanks in advance.
Greetings Benny
route[NATMANAGE] { if (is_request()) { if(has_totag()) { if (check_route_param("nat=yes")) { setbflag(FLB_NATB); }
if (check_route_param("rtp=bridge")) { setbflag(FLB_BRIDGE); }
if (check_route_param("rtp=ws")) { setbflag(FLB_RTPWS); } } }
if (!isbflagset(FLB_BRIDGE)) { return; }
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB) || isbflagset(FLB_RTPWS))) { return; }
$xavp(r=>$T_branch_idx) = "replace-origin replace-session-connection";
if (!nat_uac_test("8")) { xlog("IS TRUSTED"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " trust-address"; }
if (is_request()) { if (!has_totag()) { if (!t_is_failure_route()) { $avp(extra_id) = @via[1].branch + $T_branch_idx; $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " via-branch=extra"; xlog("BRANCH: $T_branch_idx"); } } }
if (is_reply()) { $avp(extra_id) = @via[2].branch + $T_branch_idx; $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " via-branch=extra"; xlog("BRANCH: $T_branch_idx"); }
if(isbflagset(FLB_RTPWS)){ xlog("IS WS"); if(is_request()){ xlog("IS REQUEST"); if ($proto =~ "ws") { xlog("WEB --> SIP"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off SDES-off ICE=remove RTP/AVP"; rtpengine_manage($xavp(r=>$T_branch_idx)); if (route(FROMASTERISK)) { xlog("FROM INTERNAL"); } else { xlog("FROM EXTERNAL"); rtpengine_manage(" direction=external direction=internal ICE=remove loop-protect"); } } else { xlog("SIP --> WEB"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer generate-mid DTLS=passive SDES-off ICE=force RTP/SAVPF direction=internal direction=external loop-protect"; } } else { xlog("IS RESPONSE"); if ($proto =~ "ws") { xlog("WEB --> SIP"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off SDES-off ICE=remove RTP/AVP direction=external direction=internal loop-protect"; } else { xlog("SIP --> WEB"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer generate-mid DTLS=passive SDES-off ICE=force RTP/SAVPF direction=internal direction=external loop-protect"; } rtpengine_manage($xavp(r=>$T_branch_idx)); } } else { xlog("SIP --> SIP"); if (route(FROMASTERISK)) { xlog("FROM INTERNAL"); rtpengine_manage(" direction=internal direction=external ICE=remove loop-protect"); } else { xlog("FROM EXTERNAL"); rtpengine_manage(" direction=external direction=internal ICE=remove loop-protect"); } } xlog("NATMANAGE branch_id:$T_branch_idx ruri: $ru, method:$rm, status:$rs, extra_id: $avp(extra_id), rtpengine_manage: $xavp(r=>$T_branch_idx)\n");
if (is_request()) { if (!has_totag()) { if (t_is_branch_route()) { if (isbflagset(FLB_NATB)) { add_rr_param(";nat=yes"); }
if (isbflagset(FLB_BRIDGE)) { add_rr_param(";rtp=bridge"); }
if (isbflagset(FLB_RTPWS)) { add_rr_param(";rtp=ws"); } } } } if (is_reply()) { if (isbflagset(FLB_NATB)) { if (is_first_hop()) { if (af == INET) { set_contact_alias(); } } } } return; }
There's a demo between alice and bob:
which at least interests me. Have you accomplished such a demo call?
-Nick
Hi, check which protocol which r u using on hardphones... If its UDP - it wouldn't be work - because in ur route block u r just returning from this route...
This code block working fine for TCP, but won't be work for UDP..
if (is_request()) { if(has_totag()) { if (check_route_param("nat=yes")) { setbflag(FLB_NATB); }
if (check_route_param("rtp=bridge")) { setbflag(FLB_BRIDGE); }
if (check_route_param("rtp=ws")) { setbflag(FLB_RTPWS); } } }
in your case u r just returning from this route: if (!isbflagset(FLB_BRIDGE)) { return; } because there are no any flags configured yet, I mean, kamailio doesn't now anything about connection - because there is no any connection in case when u r using UDP, because UDP is connection stateless....
-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
and also: xlog("IS REQUEST"); if ($proto =~ "ws") { xlog("WEB --> SIP"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off SDES-off ICE=remove RTP/AVP"; rtpengine_manage($xavp(r=>$T_branch_idx)); if (route(FROMASTERISK)) { xlog("FROM INTERNAL"); } else { xlog("FROM EXTERNAL"); rtpengine_manage(" direction=external direction=internal ICE=remove loop-protect"); }
You don't need to do rtpengine_manage twice... But in ur code its executing twice - I believe thats the root cause of that issue...
-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
Hello Zhan,
thanks for your Input.
I got it to work.
The code of the config is probably still not nice to look at, but it works for now. This is the most important thing for me. WEB to SIP, SIP to WEB and SIP to SIP encrypted (TLS) works.
Below is my current NATMANAGE-Config. I will gladly accept further suggestions.
The important point was that I had to delete the flag " via-branch=extra"; and the flags "SDES-off" and "RTP/AVP".
As I said, I am still pretty new to the topic and there was a lot of try and error in the end.
Thanks,
Benny
route[NATMANAGE] { if (is_request()) { if(has_totag()) { if (check_route_param("nat=yes")) { xlog("FLB_NATB is set"); setbflag(FLB_NATB); }
if (check_route_param("rtp=bridge")) { xlog("FLB_BRIDGE is set"); setbflag(FLB_BRIDGE); }
if (check_route_param("rtp=ws")) { xlog("FLB_RTPWS is set"); setbflag(FLB_RTPWS); } } }
if (!isbflagset(FLB_BRIDGE)) { xlog("FLB_BRIDGE is not set"); #return; }
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB) || isbflagset(FLB_RTPWS))) { xlog("All flags are not set"); return; }
$xavp(r=>$T_branch_idx) = "replace-origin replace-session-connection";
if (!nat_uac_test("8")) { xlog("IS TRUSTED"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " trust-address"; }
if (is_request()) { if (!has_totag()) { if (!t_is_failure_route()) { $avp(extra_id) = @via[1].branch + $T_branch_idx; $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx); xlog("BRANCH: $T_branch_idx"); } } }
if (is_reply()) { $avp(extra_id) = @via[2].branch + $T_branch_idx; $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx); xlog("BRANCH: $T_branch_idx"); }
if(isbflagset(FLB_RTPWS)){ xlog("IS WS"); if(is_request()){ xlog("IS REQUEST"); if ($proto =~ "ws") { xlog("WEB --> SIP"); if (route(FROMASTERISK)) { xlog("FROM INTERNAL"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off ICE=remove direction=external direction=internal loop-protect"; rtpengine_manage($xavp(r=>$T_branch_idx)); } else { xlog("FROM EXTERNAL"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off ICE=remove direction=external direction=internal loop-protect"; rtpengine_manage($xavp(r=>$T_branch_idx)); } } else { xlog("SIP --> WEB"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer generate-mid DTLS=passive ICE=force SDES-off RTP/SAVPF direction=internal direction=external loop-protect"; rtpengine_manage($xavp(r=>$T_branch_idx)); } } else { xlog("IS RESPONSE"); if ($proto =~ "ws") { xlog("WEB --> SIP"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off ICE=remove direction=external direction=internal loop-protect"; } else { xlog("SIP --> WEB"); $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer generate-mid DTLS=passive ICE=force RTP/SAVPF direction=internal direction=external loop-protect"; } rtpengine_manage($xavp(r=>$T_branch_idx)); } } else { xlog("SIP --> SIP"); if (route(FROMASTERISK)) { xlog("FROM INTERNAL"); rtpengine_manage("replace-origin replace-session-connection trust-address direction=internal direction=external ICE=remove loop-protect"); } else { xlog("FROM EXTERNAL"); rtpengine_manage("replace-origin replace-session-connection trust-address direction=external direction=internal ICE=remove loop-protect"); } } xlog("NATMANAGE branch_id:$T_branch_idx ruri: $ru, method:$rm, status:$rs, extra_id: $avp(extra_id), rtpengine_manage: $xavp(r=>$T_branch_idx)\n");
if (is_request()) { if (!has_totag()) { if (t_is_branch_route()) { if (isbflagset(FLB_NATB)) { add_rr_param(";nat=yes"); }
if (isbflagset(FLB_BRIDGE)) { add_rr_param(";rtp=bridge"); }
if (isbflagset(FLB_RTPWS)) { add_rr_param(";rtp=ws"); } } } } if (is_reply()) { if (isbflagset(FLB_NATB)) { if (is_first_hop()) { if (af == INET) { set_contact_alias(); } } } } return; }
-
Benjamin Flügel | vio:networks -
Nicholas Saunders -
Zhan Bazarov