[SR-Users] Integration with multiple MS Teams instances

Володимир Іванець volodyaivanets at gmail.com
Tue Aug 3 14:48:52 CEST 2021


Hello Daniel,

Yes, I have "socket=tls:172.16.30.206:5062" and
"socket=tls:172.16.30.206:5063" attributes for corresponding records in the
Dispatcher configuration table. $fs prints out correct values in the
"event_route[tm:local-request]".

But I thought that TCP/TLS connections are established from a random port
to a destination port on the peer side. And then the remote peer connects
from its random port to our port 5062/5063.

If I understood the Kamailio log correctly, when it is about to establish a
second connection to the same peer it sees an active connection for the
previous trunk and uses it instead of creating a new one.

Thank you!

Regards, Volodymyr Ivanets.

On Mon, 2 Aug 2021 at 22:21, Daniel-Constantin Mierla <miconda at gmail.com> wrote:

> Hello,
>
> do you force local send socket?
>
> Cheers,
> Daniel
> On 02.08.21 18:21, Володимир Іванець wrote:
>
> Hello Daniel!
>
> I updated Kamailio to the latest released version. The problem is that
> still with tls_set_connect_server_id() I can not make a single instance of
> Kamailio connect to multiple MS Teams domains. I use a single IP address
> with different ports for different trunks. I can see it establishing a
> connection to one trunk and using it for other domains.
>
> Is there a way to force Kamailio to make a new TLS connection to the same
> peer address that it is already connected to?
>
> Thank you!
>
> Regards, Volodymyr Ivanets.
>
> On Mon, 2 Aug 2021 at 13:44, Daniel-Constantin Mierla <miconda at gmail.com>
> wrote:
>
>> Hello,
>>
>> upgrading is the recommended way, indeed, if you want to use
>> tls_set_connect_server_id(). For an older version you may want to try looping
>> back to kamailio (can be over udp) and then use the xavps. Adds some
>> overhead and hops, but if you are stuck to a version and can't really
>> upgrade soon, might be an option to look at.
>>
>> Cheers,
>> Daniel
>> On 29.07.21 18:48, Володимир Іванець wrote:
>>
>> Hello Rob!
>>
>> Yes, I'm using Letsencrypt while I'm testing. But I would like to be able
>> to use different certificates with different sockets.
>>
>> I found this discussion https://github.com/kamailio/kamailio/issues/2413.
>> Looks like I need to use "tls_set_connect_server_id()" instead of setting
>> "$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)". Unfortunately I'm
>> currently using Kamailio v5.4 on my test system and this function is not
>> available. I will update Kamailio and give it another try. Then I will
>> update everyone in the hope it will be useful for someone :)
>>
>> Thank you!
>>
>> Regards, Volodymyr Ivanets
>>
>> On Thu, 29 Jul 2021 at 19:07, Rob van den Bulk <rob.van.den.bulk at gmail.com>
>> wrote:
>>
>>> Hello, are you using letsencrypt?
>>>
>>> You can use a multi domain.
>>>
>>> Multi domain names in one certificate
>>>
>>> ------------------------------
>>> *From:* sr-users <sr-users-bounces at lists.kamailio.org> on behalf of
>>> Володимир Іванець <volodyaivanets at gmail.com>
>>> *Sent:* Thursday, July 29, 2021 4:44:16 PM
>>> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
>>> *Subject:* [SR-Users] Integration with multiple MS Teams instances
>>>
>>> Hello all!
>>>
>>> I was able to connect Kamailio with MS Teams and now trying to add one
>>> more Teams instance. It looks like I have some misconfiguration or there is
>>> a bug.
>>>
>>> My test server has 2 domain records pointing at it (kamailio.domain1.com
>>> and kamailio.domain2.com). My tls.cfg configuration file looks like
>>> this. As you can see the Default section is configured with a
>>> kamailio.domain1.com certificate:
>>>
>>> [server:default]
>>> method = TLSv1.0+
>>> require_certificate = no
>>> verify_certificate = no
>>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>
>>> [client:default]
>>> method = TLSv1.0+
>>> require_certificate = no
>>> verify_certificate = no
>>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>
>>> [server:172.16.30.206:5062]
>>> method = TLSv1.0+
>>> require_certificate = no
>>> verify_certificate = no
>>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>> server_name = "kamailio.domain1.com"
>>> server_id = "kamailio.domain1.com"
>>>
>>> [client:172.16.30.206:5062]
>>> method = TLSv1.0+
>>> require_certificate = no
>>> verify_certificate = no
>>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>
>>> [server:172.16.30.206:5063]
>>> method = TLSv1.0+
>>> require_certificate = no
>>> verify_certificate = no
>>> private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>>> certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>>> ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>>> server_name = "kamailio.domain2.com"
>>> server_id = "kamailio.domain2.com"
>>>
>>> [client:172.16.30.206:5063]
>>> method = TLSv1.0+
>>> require_certificate = no
>>> verify_certificate = no
>>> private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>>> certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>>> ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>>>
>>>
>>> The dispatcher configuration table looks like this:
>>>
>>>
>>> +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>> | id | setid | destination                                 | flags | priority | attrs                                                            | description |
>>> +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>> |  1 |     1 | sip:sip.pstnhub.microsoft.com;transport=tls |     0 |        3 | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com | MS Teams 1  |
>>> |  2 |     2 | sip:sip.pstnhub.microsoft.com;transport=tls |     0 |        3 | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com | MS Teams 2  |
>>> +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>>
>>>
>>>
>>> When Kamailio is started, only the connection with the first trunk is
>>> established:
>>>
>>> # kamcmd tls.list
>>> {
>>>         id: 1
>>>         timeout: 0
>>>         src_ip: 52.114.75.24
>>>         src_port: 5061
>>>         dst_ip: 172.16.30.206
>>>         dst_port: 0
>>>         cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
>>>         ct_wq_size: 0
>>>         enc_rd_buf: 0
>>>         flags: 2
>>>         state: established
>>> }
>>> {
>>>         id: 2
>>>         timeout: 0
>>>         src_ip: 52.114.75.24
>>>         src_port: 7810
>>>         dst_ip: 172.16.30.206
>>>         dst_port: 5062
>>>         cipher: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
>>>         ct_wq_size: 0
>>>         enc_rd_buf: 0
>>>         flags: 2
>>>         state: established
>>> }
>>> {
>>>         id: 3
>>>         timeout: 596
>>>         src_ip: 52.114.75.24
>>>         src_port: 7811
>>>         dst_ip: 172.16.30.206
>>>         dst_port: 5062
>>>         cipher: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
>>>         ct_wq_size: 0
>>>         enc_rd_buf: 0
>>>         flags: 2
>>>         state: established
>>> }
>>>
>>>
>>> Here is what I can see in the Kamailio log file when it sends an OPTIONS
>>> request to the second trunk. Kamailio uses the Default tls configuration and
>>> MS Teams doesn't accept it:
>>>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:352]: t_run_local_req(): apply new updates without Via to sip msg
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/msg_translator.c:1796]: check_boundaries(): no multi-part body
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg():  method:  <OPTIONS>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg():  uri: <sip:sip.pstnhub.microsoft.com;transport=tls>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg():  version: <SIP/2.0>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>>> ], to tag (0)[]
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:185]: get_hdr_field(): content_length=0
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg():  method:  <OPTIONS>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg():  uri: <sip:sip.pstnhub.microsoft.com;transport=tls>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg():  version: <SIP/2.0>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>>> ], to tag (0)[]
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:189]: uac_refresh_hdr_shortcuts(): cseq: [CSeq: 10]
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1498]: tcpconn_add(): hashes: 2831:67:0, 1
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): xavp with outbound server name not found
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f3550b7a568: (nil)
>>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started
>>> ...
>>>
>>>
>>> If I change the Default configuration to use kamailio.domain2.com
>>> certificate, the second trunk will connect but the first one will fail.
>>> I tried to set "$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)"
>>> variables in the event_route[tm:local-request] section but the log still
>>> stated that server Name and ID were not found.
>>>
>>> Can someone please point me in the right direction, how can I make
>>> Kamailio use the correct certificates when establishing multiple TLS
>>> connections?
>>>
>>> Thanks a lot!
>>>
>>> Regards, Volodymyr Ivanets
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>> --
>> Daniel-Constantin Mierla -- www.asipto.com -- www.twitter.com/miconda -- www.linkedin.com/in/miconda
>>
>> --
> Daniel-Constantin Mierla -- www.asipto.com -- www.twitter.com/miconda -- www.linkedin.com/in/miconda
>
>
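
Added example, not part of the thread and not Kamailio project code: a small Python check that reads Kamailio debug log lines of the kind quoted above and reports, for each outbound TLS connection, which send socket the request was forced to and which client TLS profile was actually picked, so a fallback to `TLSc<default>` stands out. It assumes raw syslog with one entry per line, the poster's own `fs is ...` trace line from `event_route[tm:local-request]`, and that one worker PID handles one request at a time; the function names, the second sample connection and its profile name `TLSc<teams1>` are hypothetical.

```python
import re

# Constructed sample modelled on the debug lines quoted in this thread. The
# second connection (pid 11810) and its profile name are invented for contrast.
SAMPLE_LOG = """\
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
Jul 29 16:46:15 kamailio /usr/sbin/kamailio[11810]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5062
Jul 29 16:46:15 kamailio /usr/sbin/kamailio[11810]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
Jul 29 16:46:15 kamailio /usr/sbin/kamailio[11810]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<teams1> (dom 0x0 ctx 0x0 sn [])
"""

PID = re.compile(r"kamailio\[(\d+)\]:")
FS = re.compile(r"fs is (tls:\S+)")  # the poster's own script trace line
PEER = re.compile(r"tcpconn_new: new tcp connection: (\S+)")
DOMAIN = re.compile(r"tls_complete_init\(\): Using initial TLS domain (\S+)")


def tls_profile_choices(log_text):
    """Return one record per outbound TLS connection, in log order."""
    pending = {}   # pid -> facts seen so far for the request in progress
    records = []
    for line in log_text.splitlines():
        pid_match = PID.search(line)
        if not pid_match:
            continue  # continuation line (e.g. after ^M) or foreign entry
        pid = pid_match.group(1)
        cur = pending.setdefault(pid, {})
        fs, peer, dom = FS.search(line), PEER.search(line), DOMAIN.search(line)
        if fs:
            # A new local request starts: forget the previous one's facts.
            pending[pid] = {"send_socket": fs.group(1)}
        elif peer:
            cur["peer"] = peer.group(1)
        elif dom:
            records.append({
                "pid": pid,
                "send_socket": cur.get("send_socket"),
                "peer": cur.get("peer"),
                "tls_domain": dom.group(1),
            })
            pending[pid] = {}
    return records


def default_fallbacks(log_text):
    """Connections whose handshake used the default client profile."""
    return [r for r in tls_profile_choices(log_text)
            if r["tls_domain"] == "TLSc<default>"]


if __name__ == "__main__":
    for rec in default_fallbacks(SAMPLE_LOG):
        print(rec)
```

Log text copied from a mail archive has to be rejoined to one entry per line first, since wrapped continuation lines carry no PID and are skipped.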