Hello Chad, You can add a listen directive to your config for the virtual IPs (both public and private) and then you don't need to manually modify any headers or use force_send_socket(). You need to enable non local IP binding so kamailio can start on the server that doesn't have the virtual IP: echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind To make the change permanent, edit your sysctl.conf file and enable it there: net/ipv4/ip_nonlocal_bind = 1 Regards Ovidiu Sas On Sat, Jan 15, 2022 at 4:16 AM Chad <ccolumbu(a)hotmail.com> wrote: -- VoIP Embedded, Inc. http://www.voipembedded.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Hello Chad, The floating IPs that you have, are they both private IPs or one private IP and the other one a public IP? If you have to two floating private IPs, then you need a config like this: listen=FLOATING_UDP_PRIVATE1 advertise PUBLIC_UDP_IP listen=FLOATING_UDP_PRIVATE2 In the config, before relaying the initial INVITE you need to detect the direction of the call and set $fs accordingly: if (CAL_FROM_PRIVATE_TO_PUBLIC) { $fs = udp:FLOATING_UDP_PRIVATE1 } else { $fs = udp:FLOATING_UDP_PRIVATE2 } If you have a floating private IPs and a floating public IP, then you need a config like this: listen=FLOATING_UDP_PRIVATE listen=FLOATING_UDP_PUBLIC There should be no need to force the socket, but if you do, there's no harm (actually it's better and faster). Hope this clarifies things and helps, -ovidiu On Sat, Jan 15, 2022 at 9:48 AM Chad <ccolumbu(a)hotmail.com> wrote:

You have a different problem then. Having private IPs in Contact is fine. You need to lose route the calls (kamailio will add two Record-Route headers) and the origination server will set the RURI to the private IP from Contact, but it will send the in-dialog requests to the public IP of kamailio. This has nothing to do with virtual IPs. Maybe you have a buggy client that doesn't do proper loose routing. -ovidiu On Sat, Jan 15, 2022 at 11:50 AM Chad <ccolumbu(a)hotmail.com> wrote:

It doesn't look good because you have the public IP twice in the Record-Route header. You need to replace the listen=LISTEN_UDP_PRIVATE advertise MY_PUBLIC_IP:5060 with listen=LISTEN_UDP_PRIVATE advertise MY_PUBLIC_IP:5060 and all should be good. If your carrier is telling you that the IP address in Contact should be public, then you need to find an RFC compliant carrier (or mangle the Contact to make them happy). Most of the time I fight with them until they have this fixed. Sometimes it's a lost battle and you just need to hack your config to make it work. I have deployed kamailio using this setup and if you deal with RFC compliant end-point (carriers, softphones, hardphones) then all is good. -ovidiu On Sat, Jan 15, 2022 at 12:14 PM Chad <ccolumbu(a)hotmail.com> wrote: -- VoIP Embedded, Inc. http://www.voipembedded.com

Hmm, I don't think you are right that the Contact header can be a private IP even if the RR is correct. I did some research on it and I found several places saying it must be a routable IP which is what the carrier also said. "The Contact header contains the SIP URI where the client wants to be contacted for subsequent requests. That means that the host part of the URI must be globally reachable by anyone. If your contact contains a private IP (behind a NAT?) then it is wrong, because other peers cannot reach you with that." -- ^C On 1/15/22 9:05 AM, Ovidiu Sas wrote: > You have a different problem then. > Having private IPs in Contact is fine. You need to lose route the > calls (kamailio will add two Record-Route headers) and the origination > server will set the RURI to the private IP from Contact, but it will > send the in-dialog requests to the public IP of kamailio. This has > nothing to do with virtual IPs. > Maybe you have a buggy client that doesn't do proper loose routing. > > -ovidiu > > On Sat, Jan 15, 2022 at 11:50 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >> >> Ovidiu, >> Thank you again for your response. >> One is public (an internet IP) and one is private (a 10.x ip). >> Apparently this is a known problem with virtual IPs, it does not work. >> When the asterisk server responds to the invite it sends a contact header with the private IP and Kamailio does not >> rewrite it to the advertised public IP. So the originating server sees the private IP in the Contact header and tries to >> send the traffic to the 10.x IP (which is non-routable) and the call dies. >> I have been trying things for a long time to fix this (years) what you are saying will not fix it because of the virtual >> IPs. >> If it was a normal IP it would work fine. It has something to do with the routing table and how mhomed detects networks. >> >> -- >> ^C >> >> >> On 1/15/22 8:36 AM, Ovidiu Sas wrote: >>> Hello Chad, >>> >>> The floating IPs that you have, are they both private IPs or one >>> private IP and the other one a public IP? >>> >>> If you have to two floating private IPs, then you need a config like this: >>> listen=FLOATING_UDP_PRIVATE1 advertise PUBLIC_UDP_IP >>> listen=FLOATING_UDP_PRIVATE2 >>> >>> In the config, before relaying the initial INVITE you need to detect >>> the direction of the call and set $fs accordingly: >>> if (CAL_FROM_PRIVATE_TO_PUBLIC) { >>> $fs = udp:FLOATING_UDP_PRIVATE1 >>> } >>> else { >>> $fs = udp:FLOATING_UDP_PRIVATE2 >>> } >>> >>> If you have a floating private IPs and a floating public IP, then you >>> need a config like this: >>> listen=FLOATING_UDP_PRIVATE >>> listen=FLOATING_UDP_PUBLIC >>> >>> There should be no need to force the socket, but if you do, there's no >>> harm (actually it's better and faster). >>> >>> Hope this clarifies things and helps, >>> -ovidiu >>> >>> On Sat, Jan 15, 2022 at 9:48 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>> >>>> Ovidiu, >>>> Thank you for your response. >>>> >>>> I have done that, in addition to the linux ip_nonlocal_bind I have also set the Kamailio ip_free_bind=1 and it does not >>>> work. >>>> Here are my relevant config lines: >>>> listen=LISTEN_UDP_PRIVATE advertise MY_PUBLIC_IP:5060 >>>> listen=LISTEN_UDP_PUBLIC >>>> >>>> mhomed=1 >>>> ip_free_bind=1 >>>> >>>> >>>> In my /etc/sysctl.conf I have (yes I applied it with sysctl -p, and I have been using it for a long time and have >>>> rebooted as well): >>>> net.ipv4.ip_nonlocal_bind=1 >>>> -- >>>> ^C >>>> >>>> >>>> On 1/15/22 4:55 AM, Ovidiu Sas wrote: >>>>> Hello Chad, >>>>> >>>>> You can add a listen directive to your config for the virtual IPs >>>>> (both public and private) and then you don't need to manually modify >>>>> any headers or use force_send_socket(). >>>>> You need to enable non local IP binding so kamailio can start on the >>>>> server that doesn't have the virtual IP: >>>>> echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind >>>>> To make the change permanent, edit your sysctl.conf file and enable it there: >>>>> net/ipv4/ip_nonlocal_bind = 1 >>>>> >>>>> Regards >>>>> Ovidiu Sas >>>>> >>>>> >>>>> On Sat, Jan 15, 2022 at 4:16 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>>>> >>>>>> We are looking for some help (possibly a paid consultant) to help us with our Kamailio setup. >>>>>> To keep this as short as possible: we use Kamailio as a NAT proxy to bridge our external IP and our private IP asterisk >>>>>> servers (via dispatcher). >>>>>> However both the external IP and the internal IP that the Kamailio server uses are virtual IPs created by keepalived. >>>>>> Because of that neither mhomed nor fix_nated_contact work, and we use force_send_socket to direct the traffic. >>>>>> We run linux Debian 10 for the OS. >>>>>> Also we do not use a DB at all, everything is done with local config files. >>>>>> >>>>>> The problem is that when traffic goes out the Contact header has a private IP in it, like: >>>>>> Contact: <sip:##########@10.10.10.###]:5060> >>>>>> >>>>>> There are 2 possible solutions to this: >>>>>> 1. Make changes to linux, keepalived and/or Kamailio so that Kamailio recognize the virtual IPs so that mhomed and >>>>>> fix_nated_contact work as usual. >>>>>> >>>>>> 2. Create a manual header rewrite system. >>>>>> >>>>>> If solution #2: >>>>>> What we need to do is create a way to rewrite the contact header to the external IP on the way out, and on the way back >>>>>> rewrite it back to the internal server that the call is already connected to. >>>>>> >>>>>> Not sure if we will need to store those paths on the server or if we can do some kind of cheat with another persistant >>>>>> header like P-Preferred-Identity or P-Asserted-Identity (i.e. store the internal IP in the name field or something). >>>>>> >>>>>> If anyone out there know of a way to do this or wants to give it a try please reach out to me. >>>>>> >>>>>> Thank you all for your time. >>>>>> >>>>>> -- >>>>>> ^C >>>>>> Chad >>>>>> >>>>>> __________________________________________________________ >>>>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>>>> * sr-users(a)lists.kamailio.org >>>>>> Important: keep the mailing list in the recipients, do not reply only to the sender! >>>>>> Edit mailing list options or unsubscribe: >>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>>> >>>>> >>>>> -- >>>>> VoIP Embedded, Inc. >>>>> http://www.voipembedded.com >>>>> >>>>> __________________________________________________________ >>>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>>> * sr-users(a)lists.kamailio.org >>>>> Important: keep the mailing list in the recipients, do not reply only to the sender! >>>>> Edit mailing list options or unsubscribe: >>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >>> >>> > > >

I changed the listen per your advice and here is the 200 and ACK. I get no audio and the the call disconnects and I see this is the Asterisk log: [Jan 15 10:17:13] WARNING[29953] chan_sip.c: Retransmission timeout reached on transmission 5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 for seqno 102 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 6401ms with no response [Jan 15 10:17:13] WARNING[29953] chan_sip.c: Hanging up call 5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 - no reply to our critical packet (see https://wiki.asterisk.org/wik FYI 10.###.###.254 is the private virtual IP on the Kamailio server and 10.###.###.104 is the asterisk box. SIP/2.0 200 OK Via: SIP/2.0/UDP 64.###.###.###:5060;branch=z9hG4bK26ab.5547ac15.0 Via: SIP/2.0/UDP 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK6gj48a00dolcl3jm2gq0.1 Record-Route: <sip:10.###.###.254;r2=on;lr=on;ftag=as04035ef0> Record-Route: <sip:209.###.###.###;r2=on;lr=on;ftag=as04035ef0> Record-Route: <sip:64.###.###.###;lr;ftag=as04035ef0> From: "Anonymous" <sip:anonymous@anonymous.invalid:5060>;tag=as04035ef0 To: <sip:928#######@64.###.###.###:5060>;tag=as7047ed05 Call-ID: 5ab1525b3712f34c2ab272ae55e649e5@10.44.###.###:5060 CSeq: 102 INVITE Server: Asterisk PBX 16.18.0 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer Contact: <sip:928#######@10.###.###.104:5060> Content-Type: application/sdp Content-Length: 274 v=0 o=root 1911037741 1911037741 IN IP4 209.###.###.### s=Asterisk PBX 16.18.0 c=IN IP4 209.###.###.### t=0 0 m=audio 11384 RTP/AVP 0 101 a=rtpmap:0 PCMU/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:20 a=maxptime:150 a=sendrecv a=nortpproxy:yes ACK sip:928#######@209.###.###.###:5060 SIP/2.0 Via: SIP/2.0/UDP 64.###.###.###:5060;branch=z9hG4bK26ab.5547ac15.2 Via: SIP/2.0/UDP 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK91l3it006gr9oiulcqn0.1 Max-Forwards: 67 From: "Anonymous" <sip:anonymous@anonymous.invalid:5060>;tag=as04035ef0 To: <sip:928#######@64.###.###.###:5060>;tag=as7047ed05 Contact: <sip:anonymous@206.###.###.###:5060;transport=udp> Call-ID: 5ab1525b3712f34c2ab272ae55e649e5@10.44.###.###:5060 CSeq: 102 ACK User-Agent: packetrino Content-Length: 0 Route: <sip:209.###.###.###;r2=on;lr=on;ftag=as04035ef0> Route: <sip:10.###.###.254;r2=on;lr=on;ftag=as04035ef0> -- ^C On 1/15/22 10:21 AM, Ovidiu Sas wrote: > This is false. The IP in the Contact header must be routable by the > SIP hop from the top Record-Route header in the reply. > The carrier (and it seems that they have a PROXY also) must be able to > route to their adjacent SIP hop, which is your public IP (the IP in > the second Record-Route header). > It seems that the carrier is not taking into account that they might > interface with other proxies. > Most likely, your carrier expects to interface with a simple SIP UA, > not with another proxy. This is a pretty common setup for most of the > carriers, although many new carrier implementations are taking care of > the proxy to proxy calls. > > It would be helpful to see the ACK that is sent by the carrier in > response to your 200ok (after you fix your config and you have your > private IP listed in the Record-Route header). > > -ovidiu > > On Sat, Jan 15, 2022 at 12:33 PM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >> >> Hmm, I don't think you are right that the Contact header can be a private IP even if the RR is correct. >> I did some research on it and I found several places saying it must be a routable IP which is what the carrier also said. >> >> "The Contact header contains the SIP URI where the client wants to be contacted for subsequent requests. That means that >> the host part of the URI must be globally reachable by anyone. >> If your contact contains a private IP (behind a NAT?) then it is wrong, because other peers cannot reach you with that." >> >> >> -- >> ^C >> >> >> On 1/15/22 9:05 AM, Ovidiu Sas wrote: >>> You have a different problem then. >>> Having private IPs in Contact is fine. You need to lose route the >>> calls (kamailio will add two Record-Route headers) and the origination >>> server will set the RURI to the private IP from Contact, but it will >>> send the in-dialog requests to the public IP of kamailio. This has >>> nothing to do with virtual IPs. >>> Maybe you have a buggy client that doesn't do proper loose routing. >>> >>> -ovidiu >>> >>> On Sat, Jan 15, 2022 at 11:50 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>> >>>> Ovidiu, >>>> Thank you again for your response. >>>> One is public (an internet IP) and one is private (a 10.x ip). >>>> Apparently this is a known problem with virtual IPs, it does not work. >>>> When the asterisk server responds to the invite it sends a contact header with the private IP and Kamailio does not >>>> rewrite it to the advertised public IP. So the originating server sees the private IP in the Contact header and tries to >>>> send the traffic to the 10.x IP (which is non-routable) and the call dies. >>>> I have been trying things for a long time to fix this (years) what you are saying will not fix it because of the virtual >>>> IPs. >>>> If it was a normal IP it would work fine. It has something to do with the routing table and how mhomed detects networks. >>>> >>>> -- >>>> ^C >>>> >>>> >>>> On 1/15/22 8:36 AM, Ovidiu Sas wrote: >>>>> Hello Chad, >>>>> >>>>> The floating IPs that you have, are they both private IPs or one >>>>> private IP and the other one a public IP? >>>>> >>>>> If you have to two floating private IPs, then you need a config like this: >>>>> listen=FLOATING_UDP_PRIVATE1 advertise PUBLIC_UDP_IP >>>>> listen=FLOATING_UDP_PRIVATE2 >>>>> >>>>> In the config, before relaying the initial INVITE you need to detect >>>>> the direction of the call and set $fs accordingly: >>>>> if (CAL_FROM_PRIVATE_TO_PUBLIC) { >>>>> $fs = udp:FLOATING_UDP_PRIVATE1 >>>>> } >>>>> else { >>>>> $fs = udp:FLOATING_UDP_PRIVATE2 >>>>> } >>>>> >>>>> If you have a floating private IPs and a floating public IP, then you >>>>> need a config like this: >>>>> listen=FLOATING_UDP_PRIVATE >>>>> listen=FLOATING_UDP_PUBLIC >>>>> >>>>> There should be no need to force the socket, but if you do, there's no >>>>> harm (actually it's better and faster). >>>>> >>>>> Hope this clarifies things and helps, >>>>> -ovidiu >>>>> >>>>> On Sat, Jan 15, 2022 at 9:48 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>>>> >>>>>> Ovidiu, >>>>>> Thank you for your response. >>>>>> >>>>>> I have done that, in addition to the linux ip_nonlocal_bind I have also set the Kamailio ip_free_bind=1 and it does not >>>>>> work. >>>>>> Here are my relevant config lines: >>>>>> listen=LISTEN_UDP_PRIVATE advertise MY_PUBLIC_IP:5060 >>>>>> listen=LISTEN_UDP_PUBLIC >>>>>> >>>>>> mhomed=1 >>>>>> ip_free_bind=1 >>>>>> >>>>>> >>>>>> In my /etc/sysctl.conf I have (yes I applied it with sysctl -p, and I have been using it for a long time and have >>>>>> rebooted as well): >>>>>> net.ipv4.ip_nonlocal_bind=1 >>>>>> -- >>>>>> ^C >>>>>> >>>>>> >>>>>> On 1/15/22 4:55 AM, Ovidiu Sas wrote: >>>>>>> Hello Chad, >>>>>>> >>>>>>> You can add a listen directive to your config for the virtual IPs >>>>>>> (both public and private) and then you don't need to manually modify >>>>>>> any headers or use force_send_socket(). >>>>>>> You need to enable non local IP binding so kamailio can start on the >>>>>>> server that doesn't have the virtual IP: >>>>>>> echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind >>>>>>> To make the change permanent, edit your sysctl.conf file and enable it there: >>>>>>> net/ipv4/ip_nonlocal_bind = 1 >>>>>>> >>>>>>> Regards >>>>>>> Ovidiu Sas >>>>>>> >>>>>>> >>>>>>> On Sat, Jan 15, 2022 at 4:16 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>>>>>> >>>>>>>> We are looking for some help (possibly a paid consultant) to help us with our Kamailio setup. >>>>>>>> To keep this as short as possible: we use Kamailio as a NAT proxy to bridge our external IP and our private IP asterisk >>>>>>>> servers (via dispatcher). >>>>>>>> However both the external IP and the internal IP that the Kamailio server uses are virtual IPs created by keepalived. >>>>>>>> Because of that neither mhomed nor fix_nated_contact work, and we use force_send_socket to direct the traffic. >>>>>>>> We run linux Debian 10 for the OS. >>>>>>>> Also we do not use a DB at all, everything is done with local config files. >>>>>>>> >>>>>>>> The problem is that when traffic goes out the Contact header has a private IP in it, like: >>>>>>>> Contact: <sip:##########@10.10.10.###]:5060> >>>>>>>> >>>>>>>> There are 2 possible solutions to this: >>>>>>>> 1. Make changes to linux, keepalived and/or Kamailio so that Kamailio recognize the virtual IPs so that mhomed and >>>>>>>> fix_nated_contact work as usual. >>>>>>>> >>>>>>>> 2. Create a manual header rewrite system. >>>>>>>> >>>>>>>> If solution #2: >>>>>>>> What we need to do is create a way to rewrite the contact header to the external IP on the way out, and on the way back >>>>>>>> rewrite it back to the internal server that the call is already connected to. >>>>>>>> >>>>>>>> Not sure if we will need to store those paths on the server or if we can do some kind of cheat with another persistant >>>>>>>> header like P-Preferred-Identity or P-Asserted-Identity (i.e. store the internal IP in the name field or something). >>>>>>>> >>>>>>>> If anyone out there know of a way to do this or wants to give it a try please reach out to me. >>>>>>>> >>>>>>>> Thank you all for your time. >>>>>>>> >>>>>>>> -- >>>>>>>> ^C >>>>>>>> Chad >>>>>>>> >>>>>>>> __________________________________________________________ >>>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>>>>>> * sr-users(a)lists.kamailio.org >>>>>>>> Important: keep the mailing list in the recipients, do not reply only to the sender! >>>>>>>> Edit mailing list options or unsubscribe: >>>>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> VoIP Embedded, Inc. >>>>>>> http://www.voipembedded.com >>>>>>> >>>>>>> __________________________________________________________ >>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>>>>> * sr-users(a)lists.kamailio.org >>>>>>> Important: keep the mailing list in the recipients, do not reply only to the sender! >>>>>>> Edit mailing list options or unsubscribe: >>>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>>> >>>>> >>> >>> >>> > > >

As expected, your carrier is bogus and "thinks" it knows better. Your carrier is treating your setup as a dumb endpoint and is re-writing the Contact header: You provide this contact header in 200 OK: Contact: <sip:928#######@10.###.###.104:5060> The carrier should set the RURI in ACK like this: ACK sip:928#######@10.###.###.104:5060 SIP/2.0 Instead, your ACK is sent to you like this: ACK sip:928#######@209.###.###.###:5060 SIP/2.0 The RURI in ACK should point to the private IP of the asterisk server, not to the public IP of the kamailio server. You need to ask the carrier to follow the SIP RFC and not treat your endpoints like dumb SIP endpoints. There's a high chance that they won't do it :) Your best chance is to manually mangle the URI in Contact in the 200 OK in a way that when you receive the ACK with the mangled RURI, you can restore the original URI and let kamailio do the proper routing to the private IP of the asterisk serverr. You should be able to achieve this by using one of the following functions: https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.enco… https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.en… https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.co… Regards, Ovidiu Sas On Sat, Jan 15, 2022 at 1:28 PM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote:

Ok so in short I was not doing anything wrong (although I had some miss-configurations), but the carrier is (i.e. they are a bad actor). When they said I was doing it wrong, they did not mean in the RFC sense they meant in the "to work with us" sense. Now in order for me to get it to work with their SBC I have to mangle the contact on the way out an unmangle it on the return in Kamailio somehow, as I originally purposed. However I have no idea how to do that :) Shouldn't we (the Kamailio community) assume there are lots of bad actors out there and possibly many Kamailio users with this exact same issue (I personally know of at least 2 bad actor carriers right now) and create some kind of template or snippet that we can publicly publish on the Kamailio docs or wiki for all of the Kamailio community to use for this use case? I have been fighting with carriers about this for years and they always said I was doing it wrong and I don't know the SIP RFC well enough to fight back. So why not build a solution for everyone out there that has to deal with a bad actor? -- ^C On 1/15/22 11:40 AM, Ovidiu Sas wrote: > As expected, your carrier is bogus and "thinks" it knows better. > Your carrier is treating your setup as a dumb endpoint and is > re-writing the Contact header: > You provide this contact header in 200 OK: > Contact: <sip:928#######@10.###.###.104:5060> > The carrier should set the RURI in ACK like this: > ACK sip:928#######@10.###.###.104:5060 SIP/2.0 > Instead, your ACK is sent to you like this: > ACK sip:928#######@209.###.###.###:5060 SIP/2.0 > > The RURI in ACK should point to the private IP of the asterisk server, > not to the public IP of the kamailio server. > You need to ask the carrier to follow the SIP RFC and not treat your > endpoints like dumb SIP endpoints. > > There's a high chance that they won't do it :) > Your best chance is to manually mangle the URI in Contact in the 200 > OK in a way that when you receive the ACK with the mangled RURI, you > can restore the original URI and let kamailio do the proper routing to > the private IP of the asterisk serverr. > You should be able to achieve this by using one of the following functions: > https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.enco… > https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.en… > https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.co… > > Regards, > Ovidiu Sas > > On Sat, Jan 15, 2022 at 1:28 PM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >> >> I changed the listen per your advice and here is the 200 and ACK. >> I get no audio and the the call disconnects and I see this is the Asterisk log: >> [Jan 15 10:17:13] WARNING[29953] chan_sip.c: Retransmission timeout reached on transmission >> 5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 for seqno 102 (Critical Response) -- See >> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions >> Packet timed out after 6401ms with no response >> [Jan 15 10:17:13] WARNING[29953] chan_sip.c: Hanging up call 5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 - no >> reply to our critical packet (see https://wiki.asterisk.org/wik >> >> FYI 10.###.###.254 is the private virtual IP on the Kamailio server and 10.###.###.104 is the asterisk box. >> >> SIP/2.0 200 OK >> Via: SIP/2.0/UDP 64.###.###.###:5060;branch=z9hG4bK26ab.5547ac15.0 >> Via: SIP/2.0/UDP 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK6gj48a00dolcl3jm2gq0.1 >> Record-Route: <sip:10.###.###.254;r2=on;lr=on;ftag=as04035ef0> >> Record-Route: <sip:209.###.###.###;r2=on;lr=on;ftag=as04035ef0> >> Record-Route: <sip:64.###.###.###;lr;ftag=as04035ef0> >> From: "Anonymous" <sip:anonymous@anonymous.invalid:5060>;tag=as04035ef0 >> To: <sip:928#######@64.###.###.###:5060>;tag=as7047ed05 >> Call-ID: 5ab1525b3712f34c2ab272ae55e649e5@10.44.###.###:5060 >> CSeq: 102 INVITE >> Server: Asterisk PBX 16.18.0 >> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE >> Supported: replaces, timer >> Contact: <sip:928#######@10.###.###.104:5060> >> Content-Type: application/sdp >> Content-Length: 274 >> >> v=0 >> o=root 1911037741 1911037741 IN IP4 209.###.###.### >> s=Asterisk PBX 16.18.0 >> c=IN IP4 209.###.###.### >> t=0 0 >> m=audio 11384 RTP/AVP 0 101 >> a=rtpmap:0 PCMU/8000 >> a=rtpmap:101 telephone-event/8000 >> a=fmtp:101 0-16 >> a=ptime:20 >> a=maxptime:150 >> a=sendrecv >> a=nortpproxy:yes >> >> ACK sip:928#######@209.###.###.###:5060 SIP/2.0 >> Via: SIP/2.0/UDP 64.###.###.###:5060;branch=z9hG4bK26ab.5547ac15.2 >> Via: SIP/2.0/UDP 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK91l3it006gr9oiulcqn0.1 >> Max-Forwards: 67 >> From: "Anonymous" <sip:anonymous@anonymous.invalid:5060>;tag=as04035ef0 >> To: <sip:928#######@64.###.###.###:5060>;tag=as7047ed05 >> Contact: <sip:anonymous@206.###.###.###:5060;transport=udp> >> Call-ID: 5ab1525b3712f34c2ab272ae55e649e5@10.44.###.###:5060 >> CSeq: 102 ACK >> User-Agent: packetrino >> Content-Length: 0 >> Route: <sip:209.###.###.###;r2=on;lr=on;ftag=as04035ef0> >> Route: <sip:10.###.###.254;r2=on;lr=on;ftag=as04035ef0> >> >> >> -- >> ^C >> >> >> On 1/15/22 10:21 AM, Ovidiu Sas wrote: >>> This is false. The IP in the Contact header must be routable by the >>> SIP hop from the top Record-Route header in the reply. >>> The carrier (and it seems that they have a PROXY also) must be able to >>> route to their adjacent SIP hop, which is your public IP (the IP in >>> the second Record-Route header). >>> It seems that the carrier is not taking into account that they might >>> interface with other proxies. >>> Most likely, your carrier expects to interface with a simple SIP UA, >>> not with another proxy. This is a pretty common setup for most of the >>> carriers, although many new carrier implementations are taking care of >>> the proxy to proxy calls. >>> >>> It would be helpful to see the ACK that is sent by the carrier in >>> response to your 200ok (after you fix your config and you have your >>> private IP listed in the Record-Route header). >>> >>> -ovidiu >>> >>> On Sat, Jan 15, 2022 at 12:33 PM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>> >>>> Hmm, I don't think you are right that the Contact header can be a private IP even if the RR is correct. >>>> I did some research on it and I found several places saying it must be a routable IP which is what the carrier also said. >>>> >>>> "The Contact header contains the SIP URI where the client wants to be contacted for subsequent requests. That means that >>>> the host part of the URI must be globally reachable by anyone. >>>> If your contact contains a private IP (behind a NAT?) then it is wrong, because other peers cannot reach you with that." >>>> >>>> >>>> -- >>>> ^C >>>> >>>> >>>> On 1/15/22 9:05 AM, Ovidiu Sas wrote: >>>>> You have a different problem then. >>>>> Having private IPs in Contact is fine. You need to lose route the >>>>> calls (kamailio will add two Record-Route headers) and the origination >>>>> server will set the RURI to the private IP from Contact, but it will >>>>> send the in-dialog requests to the public IP of kamailio. This has >>>>> nothing to do with virtual IPs. >>>>> Maybe you have a buggy client that doesn't do proper loose routing. >>>>> >>>>> -ovidiu >>>>> >>>>> On Sat, Jan 15, 2022 at 11:50 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>>>> >>>>>> Ovidiu, >>>>>> Thank you again for your response. >>>>>> One is public (an internet IP) and one is private (a 10.x ip). >>>>>> Apparently this is a known problem with virtual IPs, it does not work. >>>>>> When the asterisk server responds to the invite it sends a contact header with the private IP and Kamailio does not >>>>>> rewrite it to the advertised public IP. So the originating server sees the private IP in the Contact header and tries to >>>>>> send the traffic to the 10.x IP (which is non-routable) and the call dies. >>>>>> I have been trying things for a long time to fix this (years) what you are saying will not fix it because of the virtual >>>>>> IPs. >>>>>> If it was a normal IP it would work fine. It has something to do with the routing table and how mhomed detects networks. >>>>>> >>>>>> -- >>>>>> ^C >>>>>> >>>>>> >>>>>> On 1/15/22 8:36 AM, Ovidiu Sas wrote: >>>>>>> Hello Chad, >>>>>>> >>>>>>> The floating IPs that you have, are they both private IPs or one >>>>>>> private IP and the other one a public IP? >>>>>>> >>>>>>> If you have to two floating private IPs, then you need a config like this: >>>>>>> listen=FLOATING_UDP_PRIVATE1 advertise PUBLIC_UDP_IP >>>>>>> listen=FLOATING_UDP_PRIVATE2 >>>>>>> >>>>>>> In the config, before relaying the initial INVITE you need to detect >>>>>>> the direction of the call and set $fs accordingly: >>>>>>> if (CAL_FROM_PRIVATE_TO_PUBLIC) { >>>>>>> $fs = udp:FLOATING_UDP_PRIVATE1 >>>>>>> } >>>>>>> else { >>>>>>> $fs = udp:FLOATING_UDP_PRIVATE2 >>>>>>> } >>>>>>> >>>>>>> If you have a floating private IPs and a floating public IP, then you >>>>>>> need a config like this: >>>>>>> listen=FLOATING_UDP_PRIVATE >>>>>>> listen=FLOATING_UDP_PUBLIC >>>>>>> >>>>>>> There should be no need to force the socket, but if you do, there's no >>>>>>> harm (actually it's better and faster). >>>>>>> >>>>>>> Hope this clarifies things and helps, >>>>>>> -ovidiu >>>>>>> >>>>>>> On Sat, Jan 15, 2022 at 9:48 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>>>>>> >>>>>>>> Ovidiu, >>>>>>>> Thank you for your response. >>>>>>>> >>>>>>>> I have done that, in addition to the linux ip_nonlocal_bind I have also set the Kamailio ip_free_bind=1 and it does not >>>>>>>> work. >>>>>>>> Here are my relevant config lines: >>>>>>>> listen=LISTEN_UDP_PRIVATE advertise MY_PUBLIC_IP:5060 >>>>>>>> listen=LISTEN_UDP_PUBLIC >>>>>>>> >>>>>>>> mhomed=1 >>>>>>>> ip_free_bind=1 >>>>>>>> >>>>>>>> >>>>>>>> In my /etc/sysctl.conf I have (yes I applied it with sysctl -p, and I have been using it for a long time and have >>>>>>>> rebooted as well): >>>>>>>> net.ipv4.ip_nonlocal_bind=1 >>>>>>>> -- >>>>>>>> ^C >>>>>>>> >>>>>>>> >>>>>>>> On 1/15/22 4:55 AM, Ovidiu Sas wrote: >>>>>>>>> Hello Chad, >>>>>>>>> >>>>>>>>> You can add a listen directive to your config for the virtual IPs >>>>>>>>> (both public and private) and then you don't need to manually modify >>>>>>>>> any headers or use force_send_socket(). >>>>>>>>> You need to enable non local IP binding so kamailio can start on the >>>>>>>>> server that doesn't have the virtual IP: >>>>>>>>> echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind >>>>>>>>> To make the change permanent, edit your sysctl.conf file and enable it there: >>>>>>>>> net/ipv4/ip_nonlocal_bind = 1 >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> Ovidiu Sas >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sat, Jan 15, 2022 at 4:16 AM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>>>>>>>> >>>>>>>>>> We are looking for some help (possibly a paid consultant) to help us with our Kamailio setup. >>>>>>>>>> To keep this as short as possible: we use Kamailio as a NAT proxy to bridge our external IP and our private IP asterisk >>>>>>>>>> servers (via dispatcher). >>>>>>>>>> However both the external IP and the internal IP that the Kamailio server uses are virtual IPs created by keepalived. >>>>>>>>>> Because of that neither mhomed nor fix_nated_contact work, and we use force_send_socket to direct the traffic. >>>>>>>>>> We run linux Debian 10 for the OS. >>>>>>>>>> Also we do not use a DB at all, everything is done with local config files. >>>>>>>>>> >>>>>>>>>> The problem is that when traffic goes out the Contact header has a private IP in it, like: >>>>>>>>>> Contact: <sip:##########@10.10.10.###]:5060> >>>>>>>>>> >>>>>>>>>> There are 2 possible solutions to this: >>>>>>>>>> 1. Make changes to linux, keepalived and/or Kamailio so that Kamailio recognize the virtual IPs so that mhomed and >>>>>>>>>> fix_nated_contact work as usual. >>>>>>>>>> >>>>>>>>>> 2. Create a manual header rewrite system. >>>>>>>>>> >>>>>>>>>> If solution #2: >>>>>>>>>> What we need to do is create a way to rewrite the contact header to the external IP on the way out, and on the way back >>>>>>>>>> rewrite it back to the internal server that the call is already connected to. >>>>>>>>>> >>>>>>>>>> Not sure if we will need to store those paths on the server or if we can do some kind of cheat with another persistant >>>>>>>>>> header like P-Preferred-Identity or P-Asserted-Identity (i.e. store the internal IP in the name field or something). >>>>>>>>>> >>>>>>>>>> If anyone out there know of a way to do this or wants to give it a try please reach out to me. >>>>>>>>>> >>>>>>>>>> Thank you all for your time. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> ^C >>>>>>>>>> Chad >>>>>>>>>> >>>>>>>>>> __________________________________________________________ >>>>>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>>>>>>>> * sr-users(a)lists.kamailio.org >>>>>>>>>> Important: keep the mailing list in the recipients, do not reply only to the sender! >>>>>>>>>> Edit mailing list options or unsubscribe: >>>>>>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> VoIP Embedded, Inc. >>>>>>>>> http://www.voipembedded.com >>>>>>>>> >>>>>>>>> __________________________________________________________ >>>>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>>>>>>> * sr-users(a)lists.kamailio.org >>>>>>>>> Important: keep the mailing list in the recipients, do not reply only to the sender! >>>>>>>>> Edit mailing list options or unsubscribe: >>>>>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> >>> >>> >>> > > >

I found a sample config file using topoh, which I copied (with some changes) and added the topoh module to my config. It works fine, but it does not solve the problem. In fact it has the exact same problem, because all the topoh module does is replace one private IP with another in the 2nd (top most) Record-Route header. So the carrier still changes the ACK to the public IP and the call is still broken in the exact same way. It was super easy to add, but does not work, 1 possible solution down. -- ^C On 1/16/22 8:26 AM, Ovidiu Sas wrote: breakage. miss-configurations), but the carrier is (i.e. they mean in the RFC sense they meant in the "to work have to mangle the contact on the way out an actors out there and possibly many Kamailio users carriers right now) and create some kind of or wiki for all of the Kamailio community to use said I was doing it wrong and I don't know the everyone out there that has to deal with a bad actor? functions: https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.enco… https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.en… https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.co… >>> Regards, >>> Ovidiu Sas >>> On Sat, Jan 15, 2022 at 1:28 PM Chad &lt;ccolumbu(a)hotmail.com&gt; wrote: >>>> >>>> I changed the listen per your advice and here is the 200 and ACK. >>>> I get no audio and the the call disconnects and I see this is the Asterisk log: reached on transmission (Critical Response) -- See 5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 - no and 10.###.###.104 is the asterisk box. 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK6gj48a00dolcl3jm2gq0.1 :5060>;tag=as04035ef0 INFO, PUBLISH, MESSAGE 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK91l3it006gr9oiulcqn0.1 :5060>;tag=as04035ef0 to of private IP even if the RR is correct. be a routable IP which is what the carrier also said. be contacted for subsequent requests. That means that wrong, because other peers cannot reach you with that." origination will wrote: work. contact header with the private IP and Kamailio does not sees the private IP in the Contact header and tries to call dies. what you are saying will not fix it because of the virtual with the routing table and how mhomed detects networks. like this: detect then you there's no wrote: have also set the Kamailio ip_free_bind=1 and it does not and I have been using it for a long time and have IPs modify on the enable it there: wrote: help us with our Kamailio setup. proxy to bridge our external IP and our private IP asterisk Kamailio server uses are virtual IPs created by keepalived. and we use force_send_socket to direct the traffic. config files. has a private IP in it, like: <http://10.10.10.#%23%23]:5060>> Kamailio recognize the virtual IPs so that mhomed and header to the external IP on the way out, and on the way back already connected to. or if we can do some kind of cheat with another persistant store the internal IP in the name field or something). it a try please reach out to me. reply only to the sender! https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users reply only to the sender! https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> > > >

Yes I am using a 172.16.x.x IP and it works, it rewrites the headers, but again because 172.16.x.x is also a private IP it is the same as using my real 10.x.x.x IP. The carrier's ACK throws away the local IP and sends the response to my 209.x external IP. -- ^C On 1/16/22 1:38 PM, Ovidiu Sas wrote: https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask… https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask… ccolumbu(a)hotmail.com&gt;&gt; wrote: changes) and added the topoh module to my config. does is replace one private IP with another in the is still broken in the exact same way. down. side their breakage. exactly the the <mailto:ccolumbu@hotmail.com>> wrote: some miss-configurations), but the carrier is not mean in the RFC sense they meant in the "to work SBC I have to mangle the contact on the way out an purposed. bad actors out there and possibly many Kamailio users actor carriers right now) and create some kind of docs or wiki for all of the Kamailio community always said I was doing it wrong and I don't for everyone out there that has to deal with a server, your the 200 RURI, you routing to following functions: https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.enco… https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.enco… > https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.en… https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.en… > https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.co… https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.co… > > >>> Regards, > >>> Ovidiu Sas > >>> On Sat, Jan 15, 2022 at 1:28 PM Chad &lt;ccolumbu(a)hotmail.com <mailto:ccolumbu@hotmail.com>> wrote: ACK. the Asterisk log: timeout reached on transmission seqno 102 (Critical Response) -- See http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060> - no https://wiki.asterisk.org/wik <https://wiki.asterisk.org/wik> server and 10.###.###.104 is the asterisk box. 64.###.###.###:5060;branch=z9hG4bK26ab.5547ac15.0 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK6gj48a00dolcl3jm2gq0.1 :5060>;tag=as04035ef0 NOTIFY, INFO, PUBLISH, MESSAGE > >>>> Supported: replaces, timer > >>>> Contact: <sip:928#######@10.###.###.104:5060> > >>>> Content-Type: application/sdp > >>>> Content-Length: 274 > >>>> > >>>> v=0 > >>>> o=root 1911037741 1911037741 IN IP4 209.###.###.### > >>>> s=Asterisk PBX 16.18.0 > >>>> c=IN IP4 209.###.###.### > >>>> t=0 0 > >>>> m=audio 11384 RTP/AVP 0 101 > >>>> a=rtpmap:0 PCMU/8000 > >>>> a=rtpmap:101 telephone-event/8000 > >>>> a=fmtp:101 0-16 > >>>> a=ptime:20 > >>>> a=maxptime:150 > >>>> a=sendrecv > >>>> a=nortpproxy:yes > >>>> > >>>> ACK sip:928#######@209.###.###.###:5060 SIP/2.0 64.###.###.###:5060;branch=z9hG4bK26ab.5547ac15.2 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK91l3it006gr9oiulcqn0.1 :5060>;tag=as04035ef0 by the be able to IP in they might SIP UA, most of the taking care of carrier in have your <mailto:ccolumbu@hotmail.com>> wrote: be a private IP even if the RR is correct. it must be a routable IP which is what the wants to be contacted for subsequent requests. anyone. it is wrong, because other peers cannot reach you route the origination but it will This has routing. <mailto:ccolumbu@hotmail.com>> wrote: ip). does not work. contact header with the private IP and Kamailio server sees the private IP in the Contact and the call dies. (years) what you are saying will not fix it because to do with the routing table and how mhomed or one config like this: need to detect IP, then you do, there's no ccolumbu(a)hotmail.com <mailto:ccolumbu@hotmail.com>> wrote: ip_nonlocal_bind I have also set the Kamailio ip_free_bind=1 sysctl -p, and I have been using it for a long time virtual IPs manually modify start on the file and enable it there: ccolumbu(a)hotmail.com <mailto:ccolumbu@hotmail.com>> wrote: consultant) to help us with our Kamailio setup. a NAT proxy to bridge our external IP and our the Kamailio server uses are virtual IPs created work, and we use force_send_socket to direct the with local config files. header has a private IP in it, like: <http://10.10.10.#%23%23]:5060> <http://10.10.10.#%23%23]:5060>> so that Kamailio recognize the virtual IPs so contact header to the external IP on the way out, is already connected to. server or if we can do some kind of cheat with P-Asserted-Identity (i.e. store the internal IP in the name field to give it a try please reach out to me. __________________________________________________________ Discussions sr-users(a)lists.kamailio.org&gt; not reply only to the sender! https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users http://www.voipembedded.com> __________________________________________________________ Discussions sr-users(a)lists.kamailio.org&gt; not reply only to the sender! https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>> > >>>>> > >>>>> > > > > > > > > -- > VoIP Embedded, Inc. > http://www.voipembedded.com <http://www.voipembedded.com>

Use your 209.x external IP. On Sun, Jan 16, 2022 at 18:07 Chad &lt;ccolumbu(a)hotmail.com <mailto:ccolumbu@hotmail.com>> wrote: Yes I am using a 172.16.x.x IP and it works, it rewrites the headers, but again because 172.16.x.x is also a private IP it is the same as using my real 10.x.x.x IP. The carrier's ACK throws away the local IP and sends the response to my 209.x external IP. -- ^C On 1/16/22 1:38 PM, Ovidiu Sas wrote: <https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask_ip> <https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask_ip>> <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: config. another in the <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: the "to work way out an Kamailio users kind of community <https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.encode_contact> <https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.encode_contact>> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.encode_contact> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.encode_contact>> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.contact_param_encode> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.contact_param_encode>> <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060>> for seqno 102 (Critical Response) -- See <https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions> <https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions>> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060>> - no <https://wiki.asterisk.org/wik <https://wiki.asterisk.org/wik>> 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK6gj48a00dolcl3jm2gq0.1 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bK91l3it006gr9oiulcqn0.1 <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: reach you <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: Kamailio because <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: ip_free_bind=1 long time <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: created direct the <http://10.10.10.#%23%23]:5060 <http://10.10.10.#%23%23]:5060>>> field <mailto:sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>> <http://www.voipembedded.com>> <mailto:sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>> -- VoIP Embedded, Inc. http://www.voipembedded.com <http://www.voipembedded.com>

Take a look at freeSWITCH On Mon, 17 Jan 2022 at 00:58, Chad &lt;ccolumbu(a)hotmail.com <mailto:ccolumbu@hotmail.com>> wrote: Hmm, it did not fix it (calls still work with my other carriers). It looks to me like it should work, it does use the external IP for everything. It generates an error in the log about making your existing address: topoh [topoh_mod.c:179]: mod_init(): mask address matches myself [209.###.###.###] Here is ther 200 and ACK. SIP/2.0 200 OK Via: SIP/2.0/UDP 64.###.###.###:5060;branch=z9hG4bKf229.9bb425c2.0 Via: SIP/2.0/UDP 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bKrs8bqi00cg14535baf70.1 Record-Route: <sip:209.###.###.###;line=sr-1RaGXxdGcxdGcxdGcxgTp8eVKxT-jxeE1xT-jxehH02vI52Ap81.Nf2hpA9*> Record-Route: <sip:209.###.###.###;r2=on;lr=on;ftag=as471a1f75> Record-Route: <sip:64.###.###.###;lr;ftag=as471a1f75> From: "Anonymous" <sip:anonymous@anonymous.invalid:5060>;tag=as471a1f75 To: <sip:928#######@64.###.###.###:5060>;tag=as199dc3d1 Call-ID: 3510f7167e1a0f6a5423234b1d176a8b@10.44.###.###:5060 CSeq: 102 INVITE Server: Asterisk PBX 16.18.0 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer Contact: <sip:209.###.###.###;line=sr-1RaGXx7VX8CAKx1yp8oFKfFqKfFqKfFqKfFVXx9GpxF*> Content-Type: application/sdp Content-Length: 274 v=0 o=root 1644013823 1644013823 IN IP4 209.###.###.### s=Asterisk PBX 16.18.0 c=IN IP4 209.###.###.### t=0 0 m=audio 19180 RTP/AVP 0 101 a=rtpmap:0 PCMU/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:20 a=maxptime:150 a=sendrecv a=nortpproxy:yes ACK sip:209.###.###.###;line=sr-1RaGXx7VX8CAKx1yp8oFKfFqKfFqKfFqKfFVXx9GpxF* SIP/2.0 Via: SIP/2.0/UDP 64.###.###.###:5060;branch=z9hG4bKf229.9bb425c2.2 Via: SIP/2.0/UDP 206.###.###.###:5060;rport=5060;received=206.###.###.###;branch=z9hG4bKvtgb6f1048h1g6l9s890.1 Max-Forwards: 67 From: "Anonymous" <sip:anonymous@anonymous.invalid:5060>;tag=as471a1f75 To: <sip:928#######@64.###.###.###:5060>;tag=as199dc3d1 Contact: <sip:anonymous@206.###.###.###:5060;transport=udp> Call-ID: 3510f7167e1a0f6a5423234b1d176a8b@10.44.###.###:5060 CSeq: 102 ACK User-Agent: packetrino Content-Length: 0 Route: <sip:209.###.###.###;r2=on;lr=on;ftag=as471a1f75> Route: <sip:209.###.###.###;line=sr-1RaGXxdGcxdGcxdGcxgTp8eVKxT-jxeE1xT-jxehH02vI52Ap81.Nf2hpA9*> -- ^C On 1/16/22 3:16 PM, Ovidiu Sas wrote: <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>>> wrote: private IP response to my <https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask_ip> <https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask_ip>> <https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask_ip> <https://www.kamailio.org/docs/modules/devel/modules/topoh.html#topoh.p.mask_ip>>> <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: module to my <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: carrier is meant in on the create some and I don't deal with a <https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.encode_contact> <https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.encode_contact>> <https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.encode_contact> <https://kamailio.org/docs/modules/5.5.x/modules/mangler.html#mangler.f.encode_contact>>> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.encode_contact> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.encode_contact>> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.encode_contact> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.encode_contact>>> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.contact_param_encode> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.contact_param_encode>> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.contact_param_encode> <https://kamailio.org/docs/modules/5.5.x/modules/siputils.html#siputils.f.contact_param_encode>>> <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060>> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060>>> for seqno 102 (Critical Response) -- See <https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions> <https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions>> <https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions> <https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions>>> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060 <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060>> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060> <http://5ab1525b3712f34c2ab272ae55e649e5@10.44.109.143:5060>>> - no <https://wiki.asterisk.org/wik <https://wiki.asterisk.org/wik>> <https://wiki.asterisk.org/wik>>> asterisk box. <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: correct. what the requests. <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: IP and Contact fix it how mhomed <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: <mailto:ccolumbu@hotmail.com <mailto:ccolumbu@hotmail.com>> <mailto:ccolumbu@hotmail.com>>>> wrote: setup. IP and our virtual IPs <http://10.10.10.#%23%23]:5060 <http://10.10.10.#%23%23]:5060>> <http://10.10.10.#%23%23]:5060>>>> virtual IPs so the way out, cheat with the name to me. <mailto:sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>> <mailto:sr-users@lists.kamailio.org>>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>>> <http://www.voipembedded.com>> <http://www.voipembedded.com <http://www.voipembedded.com> <mailto:sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>> <mailto:sr-users@lists.kamailio.org>>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>>> <http://www.voipembedded.com>> <http://www.voipembedded.com <http://www.voipembedded.com> <http://www.voipembedded.com <http://www.voipembedded.com>>> __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions   * sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> -- Regards, David Villasmil email: david.villasmil.work(a)gmail.com <mailto:david.villasmil.work@gmail.com> phone: +34669448337 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

I have been reading a lot more about the problem and it seems my mangle/unmangle solution is basically B2BUA. So I need a B2BUA solution and it seems like Kamailio does not really do B2BUA. Instead of installing something else I don't know (SEMS or Sippy), it makes more sense to find something that can handle it all. I have read that opensips has B2BUA functionality built in, so I am seriously considering simply replacing Kamailio with opensips. In reality my system has such a low load I can probably replace Kamailio with Asterisk as a B2BUA and it would be fine, but from what I have read Asterisk is very inefficient for B2BUA. -- ^C On 1/16/22 1:38 PM, Ovidiu Sas wrote: __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions  * sr-users(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users