Thank you Daniel, that resolved my problem.
It would be helpful if in this link
In section 9.32. xavp_cfg (string)
the example can be updated from:
...
modparam("tls", "xavp_cfg", "tls")
...
$xavp(tls=>server_name) = "kamailio.org";
$xavp(tls=>server_id) = "kamailio.org";
$du = "sip:kamailio.org:5061;transport=tls";
route(RELAY);
...
to:
...
modparam("tls", "xavp_cfg", "tls")
...
$xavp(tls=>server_name) = "kamailio.org";
$xavp(tls[0]=>server_id) = "kamailio.org";
$du = "sip:kamailio.org:5061;transport=tls";
route(RELAY);
...
Regards,
Mahesh.B
On Fri, Dec 20, 2019 at 7:51 PM Daniel-Constantin Mierla <miconda(a)gmail.com>
wrote:
Hello,
you add two $xavp(tls=>...) with the operations you do, change to:
$xavp(tls=>server_name)="btip.176.com";
$xavp(tls[0]=>server_id)="btip.176.com";
so the server_id is added to the existing $xavp(tls->...) instead of
creating a new one that doesn't have server_name.
Cheers,
Daniel
On 20.12.19 07:39, mahesh b wrote:
Hi,
I further went through the logs of Kamailio, and I see the below
happening.
tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with outbound server name not found
tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with outbound server id: btip.176.com
It's strange it's able to find the client profile based on server_id,
but not able to find using the server_name.
In tls_complete_init( )
    if (c->flags & F_CONN_PASSIVE) {
        state=S_TLS_ACCEPTING;
        dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
                &c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
    } else {
        state=S_TLS_CONNECTING;
        sname = tls_get_connect_server_name();
        srvid = tls_get_connect_server_id();
        dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
                &c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
    }
I am acting as client, so it will hit the else part.
The call to sname = tls_get_connect_server_name(); // failed with below logs
tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with outbound server name not found
The call to srvid = tls_get_connect_server_id(); // success with below logs
tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with outbound server id: btip.176.com
And further down in the function, as sname is NULL, it is not setting the
server name extension in the client hello message.
#ifndef OPENSSL_NO_TLSEXT
    if (sname!=NULL) {
        if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {
            if (data->ssl)
                SSL_free(data->ssl);
            if (data->rwbio)
                BIO_free(data->rwbio);
            goto error;
        }
        LM_DBG("outbound TLS server name set to: %s\n", sname->s);
    }
#endif
Am I missing anything here w.r.t. configuration? Or is it a bug which
has been fixed in later versions? Please help!!
Regards,
Mahesh.B
On Thu, Dec 19, 2019 at 5:53 PM mahesh b <mahesh.b.2487(a)gmail.com> wrote:
Hi,
I am using Kamailio 5.1.9 version.
My setup: client1 -> kamailio server 1 (IP: 10.211.160.172) ----> kamailio server 2 (IP: 10.211.160.176) -> client2
I have a scenario where kamailio server 1 has to initiate an outgoing TLS
connection to kamailio server 2. I have set the server_name and server_id
in the client profile in tls.cfg like below on kamailio server 1:
[client:default]
verify_certificate = no
require_certificate = no
server_name = mahesh.client.com
[client:10.211.160.172:5061]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = /root/mahesh_openssl/profile2/btip_172_server_private.key
certificate = /root/mahesh_openssl/profile2/btip_172_server_public.crt
ca_list = /root/mahesh_openssl/profile2/btip_ca_public.crt
cipher_list = RSA
verify_depth = 9
server_name = btip.176.com
server_id = btip.176.com
And in sar.cfg
$xavp(tls=>server_name)="btip.176.com";
$xavp(tls=>server_id)="btip.176.com";
$du = "sip:10.211.160.176:5061;transport=tls";
....
t_relay();
What I observe is that, when the client hello is sent by 10.211.160.172 to
10.211.160.176, I don't see the server_name extension being sent. Am I missing
anything? Please help!
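The behaviour Daniel describes in his reply, as an added example that is not part of the original thread and is not Kamailio's source code: a simplified C model which assumes that every `$xavp(tls=>...)` assignment pushes a new root xavp on top of the list and that a lookup reads only the first root named `tls`. All type and function names below are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define MAX_FIELDS 4
/* One root xavp: a name plus a few key/value fields (simplified model). */
struct xavp {
    const char *name;
    const char *key[MAX_FIELDS], *val[MAX_FIELDS];
    int n;
    struct xavp *next;
};
static struct xavp *first_named(struct xavp *head, const char *name) {
    for (; head; head = head->next)
        if (strcmp(head->name, name) == 0) return head;
    return NULL;
}
/* name[0]=>k form: add a field to the FIRST root called `name` (-1 if none/full). */
static int set_first(struct xavp *head, const char *name, const char *k, const char *v) {
    struct xavp *x = first_named(head, name);
    if (!x || x->n == MAX_FIELDS) return -1;
    x->key[x->n] = k; x->val[x->n] = v; x->n++;
    return 0;
}
/* name=>k form: link a NEW root (zeroed storage `x`) on top, then add the field. */
static void push(struct xavp **head, struct xavp *x, const char *name, const char *k, const char *v) {
    x->name = name; x->next = *head; *head = x;
    set_first(*head, name, k, v);
}
/* Lookup as modelled here: take the first root by name, then search its fields. */
static const char *child(struct xavp *head, const char *name, const char *k) {
    struct xavp *x = first_named(head, name);
    for (int i = 0; x && i < x->n; i++)
        if (strcmp(x->key[i], k) == 0) return x->val[i];
    return NULL;
}

/* Replay the thread's two assignments (use_index: 0 = tls=>server_id, 1 = tls[0]=>server_id), then look up `k`. */
const char *lookup_after_script(int use_index, const char *k) {
    struct xavp a = {0}, b = {0}, *head = NULL;
    push(&head, &a, "tls", "server_name", "kamailio.org");
    if (use_index) set_first(head, "tls", "server_id", "kamailio.org");
    else push(&head, &b, "tls", "server_id", "kamailio.org");
    return child(head, "tls", k);
}

int main(void) {
    printf("tls=>server_id:    server_name %s\n", lookup_after_script(0, "server_name") ? "found" : "not found");
    printf("tls[0]=>server_id: server_name %s\n", lookup_after_script(1, "server_name") ? "found" : "not found");
    return 0;
}
```

In the first case the top `tls` root carries only server_id, which matches the pair of log lines in the thread: server id found, server name not found, so no SNI is set on the outbound connection.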