2 Jan
2025
2 Jan
'25
8:01 a.m.
Hi Gang
A quick search via google did not reveal any useful hits.
Kamailio 5.7.6
CPE (TLS) => SBC (UDP) => Registrar (UDP) => Core
CPE uses a sips contact URI to register, no transport attribute!
sips:315996608@172.29.255.11:5061
SBC uses Path functionality.
Situation: Call to CPE
I see the registrar adding this Record-Route:
Record-Route: <sips:registrar-ip;lr;ftag=6159862378>
The SBC is adding a r2=on Record-Route to indicate the change between
UDP and TLS.
The Route-Set received by the CPE then is:
INVITE sips:315996608@172.29.255.11:5061 SIP/2.0
Record-Route: <sips:sbc-ip:5061;transport=tls;r2=on;lr;ftag=6159862378>
Record-Route: <sips:sbc-ip;r2=on;lr;ftag=6159862378>
Record-Route: <sips:registrar-ip;lr;ftag=6159862378>
Record-Route: <sip:core-ip;lr;ftag=6159862378>
180 Ringing req 100rel is making it back as the Via header look right.
But when the remote side is sending a PRACK, is has to follow the
Routeset which if I am not mistaking, is not making it back because
because the CORE does not know how to send this via TLS to the
Registrar.
Core logging:
prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket)
IMHO already the 2nd Record-Route added by the Registrar should not
contain a sips: URI but a sip: URI (reflecting the transport attribute
not being present, defaulting to UDP)
Is this a known issue?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
2 Jan
2 Jan
8:54 a.m.
Hi
Quick update...
I switched the CPE from TLS to TCP
Now the CPE registers with sip: and ;transport=tcp
The problem does not occur.
I attemted to reproduce the issue with a CPE using sip: ;transport=tls
The problem does not occur.
I fear, something goes wrong kamailio internally if the sips: scheme is
being used.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
9:28 a.m.
On 2 Jan 2025, at 14:54, Benoit Panizzon via sr-users
<sr-users(a)lists.kamailio.org> wrote:
Hi
Quick update...
I switched the CPE from TLS to TCP
Now the CPE registers with sip: and ;transport=tcp
The problem does not occur.
I attemted to reproduce the issue with a CPE using sip: ;transport=tls
The problem does not occur.
I fear, something goes wrong kamailio internally if the sips: scheme is
being used.
Well, something went wrong internally while writing the SIP RFC so the sips: scheme can’t
really be implemented properly. My best defence for the authors is that they got a last
minute request to add security like ldaps: and https: and they gave it a try without
really implementing it beforehand.
Better to use ";transport=tls” and wait for energy in the IETF SIP wg to really focus
on solving the TLS issues.
/O
3 Jan
3 Jan
4 p.m.
Benoit, try testing the sips scheme with the option enabled:
modparam("rr", "ignore_sips", 1)
чт, 2 янв. 2025 г. в 15:48, Olle E. Johansson via sr-users <
sr-users(a)lists.kamailio.org>gt;:
--
BR,
Denys Pozniak
On 2 Jan 2025, at 14:54, Benoit Panizzon via
sr-users <
sr-users(a)lists.kamailio.org> wrote:
Hi
Quick update...
I switched the CPE from TLS to TCP
Now the CPE registers with sip: and ;transport=tcp
The problem does not occur.
I attemted to reproduce the issue with a CPE using sip: ;transport=tls
The problem does not occur.
I fear, something goes wrong kamailio internally if the sips: scheme is
being used.
Well, something went wrong internally while writing the SIP RFC so the
sips: scheme can’t really be implemented properly. My best defence for the
authors is that they got a last minute request to add security like ldaps:
and https: and they gave it a try without really implementing it beforehand.
Better to use ";transport=tls” and wait for energy in the IETF SIP wg to
really focus on solving the TLS issues.
/O
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
sr-users(a)lists.kamailio.org
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
6 Jan
6 Jan
2:17 a.m.
Hi Denys
Benoit, try testing the sips scheme with the option
enabled:
modparam("rr", "ignore_sips", 1)
Thank you, yes, this solved the issue!
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
0
days inactive
4
days old
4 comments
3 participants
participants (3)
-
Benoit Panizzon -
Denys Pozniak -
Olle E. Johansson