14 Sep
2020
14 Sep
'20
12:32 p.m.
Hey guys and girls,
I'm trying to configure Kamailio so that I can communicate over it using WebRTC and
SIP.
Client 1 is a softphone based on SIPJS. Client 2 is a Yealink phone.
Both are registered with the Kamailio. Behind the Kamailio there is another Asterisk. The
Kamailio acts as a proxy here.
So far everything works. Only if I accept the call, which is made from Client 1 to Client
2 or vice versa, then I get this error in Client 1:
Called with SDP without DTLS fingerprint. I can see that the fingerprint is present in the
INVITE from Client 1 to Client 2. However, it is missing in the OK.
The lower part contains my NATMANAGE config. This could probably be optimized a lot, but
for now it should work.
Unfortunately I have only recently started with Kamailio. I hope you can help me there. I
can also send you the SIP-Log if you want to.
Many thanks in advance.
Greetings Benny
route[NATMANAGE] {
if (is_request()) {
if(has_totag()) {
if (check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
if (check_route_param("rtp=bridge")) {
setbflag(FLB_BRIDGE);
}
if (check_route_param("rtp=ws")) {
setbflag(FLB_RTPWS);
}
}
}
if (!isbflagset(FLB_BRIDGE)) {
return;
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB) || isbflagset(FLB_RTPWS))) {
return;
}
$xavp(r=>$T_branch_idx) = "replace-origin replace-session-connection";
if (!nat_uac_test("8")) {
xlog("IS TRUSTED");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " trust-address";
}
if (is_request()) {
if (!has_totag()) {
if (!t_is_failure_route()) {
$avp(extra_id) = @via[1].branch + $T_branch_idx;
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + "
via-branch=extra";
xlog("BRANCH: $T_branch_idx");
}
}
}
if (is_reply()) {
$avp(extra_id) = @via[2].branch + $T_branch_idx;
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + "
via-branch=extra";
xlog("BRANCH: $T_branch_idx");
}
if(isbflagset(FLB_RTPWS)){
xlog("IS WS");
if(is_request()){
xlog("IS REQUEST");
if ($proto =~ "ws") {
xlog("WEB --> SIP");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux
DTLS=off SDES-off ICE=remove RTP/AVP";
rtpengine_manage($xavp(r=>$T_branch_idx));
if (route(FROMASTERISK)) {
xlog("FROM INTERNAL");
} else {
xlog("FROM EXTERNAL");
rtpengine_manage(" direction=external direction=internal ICE=remove
loop-protect");
}
} else {
xlog("SIP --> WEB");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer
generate-mid DTLS=passive SDES-off ICE=force RTP/SAVPF direction=internal
direction=external loop-protect";
}
} else {
xlog("IS RESPONSE");
if ($proto =~ "ws") {
xlog("WEB --> SIP");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux
DTLS=off SDES-off ICE=remove RTP/AVP direction=external direction=internal
loop-protect";
} else {
xlog("SIP --> WEB");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer
generate-mid DTLS=passive SDES-off ICE=force RTP/SAVPF direction=internal
direction=external loop-protect";
}
rtpengine_manage($xavp(r=>$T_branch_idx));
}
} else {
xlog("SIP --> SIP");
if (route(FROMASTERISK)) {
xlog("FROM INTERNAL");
rtpengine_manage(" direction=internal direction=external ICE=remove
loop-protect");
} else {
xlog("FROM EXTERNAL");
rtpengine_manage(" direction=external direction=internal ICE=remove
loop-protect");
}
}
xlog("NATMANAGE branch_id:$T_branch_idx ruri: $ru, method:$rm, status:$rs, extra_id:
$avp(extra_id), rtpengine_manage: $xavp(r=>$T_branch_idx)\n");
if (is_request()) {
if (!has_totag()) {
if (t_is_branch_route()) {
if (isbflagset(FLB_NATB)) {
add_rr_param(";nat=yes");
}
if (isbflagset(FLB_BRIDGE)) {
add_rr_param(";rtp=bridge");
}
if (isbflagset(FLB_RTPWS)) {
add_rr_param(";rtp=ws");
}
}
}
}
if (is_reply()) {
if (isbflagset(FLB_NATB)) {
if (is_first_hop()) {
if (af == INET) {
set_contact_alias();
}
}
}
}
return;
}
14 Sep
14 Sep
12:54 p.m.
There's a demo between alice and bob:
https://sipjs.com/
which at least interests me. Have you accomplished such a demo call?
-Nick
5:07 p.m.
Hi, check which protocol which r u using on hardphones... If its UDP - it
wouldn't be work - because in ur route block u r just returning from this
route...
This code block working fine for TCP, but won't be work for UDP..
if (is_request()) {
if(has_totag()) {
if (check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
if (check_route_param("rtp=bridge")) {
setbflag(FLB_BRIDGE);
}
if (check_route_param("rtp=ws")) {
setbflag(FLB_RTPWS);
}
}
}
in your case u r just returning from this route:
if (!isbflagset(FLB_BRIDGE)) {
return;
}
because there are no any flags configured yet, I mean, kamailio doesn't now
anything about connection - because there is no any connection in case when
u r using UDP, because UDP is connection stateless....
--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
5:12 p.m.
and also:
xlog("IS REQUEST");
if ($proto =~ "ws") {
xlog("WEB --> SIP");
$xavp(r=>$T_branch_idx) =
$xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off SDES-off ICE=remove
RTP/AVP";
rtpengine_manage($xavp(r=>$T_branch_idx));
if (route(FROMASTERISK)) {
xlog("FROM INTERNAL");
} else {
xlog("FROM EXTERNAL");
rtpengine_manage("
direction=external direction=internal ICE=remove loop-protect");
}
You don't need to do rtpengine_manage twice... But in ur code its executing
twice - I believe thats the root cause of that issue...
--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
15 Sep
15 Sep
4:08 p.m.
Hello Zhan,
thanks for your Input.
I got it to work.
The code of the config is probably still not nice to look at, but it works for now.
This is the most important thing for me.
WEB to SIP, SIP to WEB and SIP to SIP encrypted (TLS) works.
Below is my current NATMANAGE-Config. I will gladly accept further suggestions.
The important point was that I had to delete the flag " via-branch=extra"; and
the flags "SDES-off" and "RTP/AVP".
As I said, I am still pretty new to the topic and there was a lot of try and error in the
end.
Thanks,
Benny
route[NATMANAGE] {
if (is_request()) {
if(has_totag()) {
if (check_route_param("nat=yes")) {
xlog("FLB_NATB is set");
setbflag(FLB_NATB);
}
if (check_route_param("rtp=bridge")) {
xlog("FLB_BRIDGE is set");
setbflag(FLB_BRIDGE);
}
if (check_route_param("rtp=ws")) {
xlog("FLB_RTPWS is set");
setbflag(FLB_RTPWS);
}
}
}
if (!isbflagset(FLB_BRIDGE)) {
xlog("FLB_BRIDGE is not set");
#return;
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB) || isbflagset(FLB_RTPWS))) {
xlog("All flags are not set");
return;
}
$xavp(r=>$T_branch_idx) = "replace-origin replace-session-connection";
if (!nat_uac_test("8")) {
xlog("IS TRUSTED");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " trust-address";
}
if (is_request()) {
if (!has_totag()) {
if (!t_is_failure_route()) {
$avp(extra_id) = @via[1].branch + $T_branch_idx;
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx);
xlog("BRANCH: $T_branch_idx");
}
}
}
if (is_reply()) {
$avp(extra_id) = @via[2].branch + $T_branch_idx;
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx);
xlog("BRANCH: $T_branch_idx");
}
if(isbflagset(FLB_RTPWS)){
xlog("IS WS");
if(is_request()){
xlog("IS REQUEST");
if ($proto =~ "ws") {
xlog("WEB --> SIP");
if (route(FROMASTERISK)) {
xlog("FROM INTERNAL");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux
DTLS=off ICE=remove direction=external direction=internal loop-protect";
rtpengine_manage($xavp(r=>$T_branch_idx));
} else {
xlog("FROM EXTERNAL");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux
DTLS=off ICE=remove direction=external direction=internal loop-protect";
rtpengine_manage($xavp(r=>$T_branch_idx));
}
} else {
xlog("SIP --> WEB");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer
generate-mid DTLS=passive ICE=force SDES-off RTP/SAVPF direction=internal
direction=external loop-protect";
rtpengine_manage($xavp(r=>$T_branch_idx));
}
} else {
xlog("IS RESPONSE");
if ($proto =~ "ws") {
xlog("WEB --> SIP");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux
DTLS=off ICE=remove direction=external direction=internal loop-protect";
} else {
xlog("SIP --> WEB");
$xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer
generate-mid DTLS=passive ICE=force RTP/SAVPF direction=internal direction=external
loop-protect";
}
rtpengine_manage($xavp(r=>$T_branch_idx));
}
} else {
xlog("SIP --> SIP");
if (route(FROMASTERISK)) {
xlog("FROM INTERNAL");
rtpengine_manage("replace-origin replace-session-connection trust-address
direction=internal direction=external ICE=remove loop-protect");
} else {
xlog("FROM EXTERNAL");
rtpengine_manage("replace-origin replace-session-connection trust-address
direction=external direction=internal ICE=remove loop-protect");
}
}
xlog("NATMANAGE branch_id:$T_branch_idx ruri: $ru, method:$rm, status:$rs, extra_id:
$avp(extra_id), rtpengine_manage: $xavp(r=>$T_branch_idx)\n");
if (is_request()) {
if (!has_totag()) {
if (t_is_branch_route()) {
if (isbflagset(FLB_NATB)) {
add_rr_param(";nat=yes");
}
if (isbflagset(FLB_BRIDGE)) {
add_rr_param(";rtp=bridge");
}
if (isbflagset(FLB_RTPWS)) {
add_rr_param(";rtp=ws");
}
}
}
}
if (is_reply()) {
if (isbflagset(FLB_NATB)) {
if (is_first_hop()) {
if (af == INET) {
set_contact_alias();
}
}
}
}
return;
}
1536
days inactive
1537
days old
4 comments
3 participants
participants (3)
-
Benjamin Flügel | vio:networks -
Nicholas Saunders -
Zhan Bazarov