[SR-Users] outbound Edge Proxy
Giovanni Iamonte
iamonte at quintetto.it
Tue Dec 6 18:32:46 CET 2022
Hi Henning,
For some internal policies we must use HAproxy.
In our current configuration (Haproxy -> Kamalio Register) everything
work correctly.
In our next configuration (HAproxy -> Kamailio edge proxy -> Kamalio
Register)
the Record-Route and via are the same for REGISTER, SUBSCRIBE, INVITE
and MESSAGE, see below
/Record-Route: <//sip:192.168.58.1:15006;transport=tcp;r2=on;lr//>//
//Record-Route:
<//sip:sip-test.example.com:16005;transport=tls;r2=on;lr//>//
//Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6//
//Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias/
Now the question is: why the REGISTER, SUBSCRIBE work and INVITE,
MESSAGE do not work. furthermore, since the Record- Route and VIA are
the same there is a reason why the REGISTER, SUBSCRIBE use the TCP and
INVITE, MESSAGE use the TLS.
Below the error that we can see in the kamailio log.
/Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: WARNING:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core>
[core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced
tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]:
uri2dst2(): no corresponding socket found for "192.168.58.1" af 2
(tls:192.168.58.1:60982)//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]:
prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding
listening socket)//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]:
t_forward_nonack(): failure to add branches//
//Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
{1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl [sl_funcs.c:372]:
sl_reply_error(): stateless error reply used: I'm terribly sorry, server
error occurred (7/SL)
/
Thanks
Regards
------------------------------------------------------------------------
Ing. Giovanni Iamonte
Developments and technologies area
Quintetto Srl
Via Monte Navale, 1
10015 - Ivrea (TO)
mobile: +39 393 9196310
tel: +39 0165 1845290
e-mail: giovanni.iamonte at quintetto.it
web: www.quintetto.it
On 06/12/22 14:57, Henning Westerholt wrote:
>
> Hello,
>
> why do you want to build it like this in the first place? Usually,
> Kamailio is used as the first network element that processes the
> traffic from the devices. That means, its not used behind haproxy.
>
> If you want to use haproxy for some reasons, there is a core parameter
> to enable support for the haproxy protocol. But it will not help you
> for this error.
>
> This is probably caused from the Record-Route/Via contains the tls
> protocol. The haproxy of course does not speak SIP, so the message
> contains not the headers Kamailio expect.
>
> Cheers,
>
> Henning
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/ <https://skalatan.de/blog/>
>
> Kamailio services – https://gilawa.com <https://gilawa.com/>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of
> *Giovanni Iamonte
> *Sent:* Tuesday, December 6, 2022 2:32 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* [SR-Users] outbound Edge Proxy
>
> Dear List
>
> In the last week I try to figure out how I can put in place a
> configuration that use an edge proxy and a register by using kamailio
> 5.6, but i am facing some issues.
>
> Scenario:
>
> We are using on ubuntu 20.04, HAproxy and Kamailio 5.6.
>
> We have configured a Kamailio register that, in the following case,
> perfectly works.
>
> ______ __ __________
> TLS | | TLS
> | |
> Client ------------------ > | NAT |-----------> | Kamalio |
> in |_HAProxy | out in | Register |
> |_________| | |
> |________ _|
>
> Now we want to put a kamailio edge proxy before the kamailio Register,
> please take a look to the below picture
>
> ______
>
> ______ __ _________ ___________
> TLS | | TLS |
> | TCP | |
> Client ------------------ > | NAT |-----------> | Kamalio |
> -------------> | Kamailio |
> in |_HAProxy | out in | Edge | out
> in | Register |
> |_________| | Proxy |
> | |
> |_________| |___________|
>
> HAproxy -> sip-test.example.com
>
> Kamailio edge proxy -> 192.168.58.1
>
> Kamailio Register -> 192.168.58.15
>
> The kamailio Edge has been configured as indicated in the outbound
> module example.
>
> When a transaction such as REGISTER or SUBSCRIBE reach the "Kamailio
> Register" the Record-Route and Via headers are correct and it works.
>
> When the transaction such as MESSAGE or INVITE reach the "Kamailio
> Register" it does not work and below you can see the message and the
> error.
>
> Note that the Record-Route and Via headers are the same as the
> previous message REGISTER and SUBSCRIBE.
>
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO:
> {1 40742 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
> SIPMessage-in-request =
> 192.168.58.1:53606-sip:s-user.02 at sip-dev.example.com-MESSAGE
> sip:s-user.02 at sip-dev.example.com SIP/2.0
>
> Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
> Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
> Via: SIP/2.0/TCP
> 192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6
> Via: SIP/2.0/TLS
> 192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias
> Max-Forwards: 69
> From: <sip:s-user.03 at sip-dev.example.com>
> <mailto:sip:s-user.03 at sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
> To: <sip:s-user.02 at sip-dev.example.com>
> <mailto:sip:s-user.02 at sip-dev.example.com>
> Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
> CSeq: 40742 MESSAGE
> Accept: text/plain, application/im-iscomposing+xml
> Content-Type: text/plain
> Content-Length: 59
>
> ################## MESSAGE ###################
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO:
> {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
> SIPMessage-in-request =
> 192.168.58.1:53606-sip:s-user.02 at sip-dev.example.com-MESSAGE
> sip:s-user.02 at sip-dev.example.com SIP/2.0
> Record-Route: <sip:192.168.58.1:15006;transport=tcp;r2=on;lr>
> Record-Route: <sip:sip-test.example.com:16005;transport=tls;r2=on;lr>
> Via: SIP/2.0/TCP
> 192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6
> Via: SIP/2.0/TLS
> 192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias
> Max-Forwards: 69
> From: <sip:s-user.03 at sip-dev.example.com>
> <mailto:sip:s-user.03 at sip-dev.example.com>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3
> To: <sip:s-user.02 at sip-dev.example.com>
> <mailto:sip:s-user.02 at sip-dev.example.com>
> Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET
> CSeq: 40743 MESSAGE
> Accept: text/plain, application/im-iscomposing+xml
> Proxy-Authorization: Digest username="s-user.03",
> realm="sip-dev.example.com", nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC",
> uri="sip:s-user.02 at sip-dev.example.com"
> <mailto:sip:s-user.02 at sip-dev.example.com>,
> response="3b7c34476443e5f1125fa460a4981180",
> cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth, nc=00000001
> Content-Type: text/plain
> Content-Length: 59
>
>
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
> WARNING: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <core>
> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch
> (forced tcp:192.168.58.15:15006, to tls:192.168.58.1:60982)
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
> {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [ut.h:315]:
> uri2dst2(): no corresponding socket found for "192.168.58.1" af 2
> (tls:192.168.58.1:60982)
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
> {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:471]:
> prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding
> listening socket)
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
> {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm [t_fwd.c:1754]:
> t_forward_nonack(): failure to add branches
> Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]: ERROR:
> {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl
> [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: I'm
> terribly sorry, server error occurred (7/SL)
>
> based on what we have understood in the message headers "Via" and
> Record-Route" there are the right information to reach back the proxy
> Edge, but looking to the error message it seems that the kamailio
> register try to reach back the proxy edge through the TLS instead of
> using the TCP.
>
> Could someone put me in the right direction.
>
> Thanks
>
> Regards
>
> --
>
> ------------------------------------------------------------------------
>
> Ing. Giovanni Iamonte
> Developments and technologies area
> Quintetto Srl
> Via Monte Navale, 1
> 10015 - Ivrea (TO)
> (mobile: +39 393 9196310
> (tel: +39 0165 1845290
> +e-mail: giovanni.iamonte at quintetto.it
> [web: www.quintetto.it <http://www.quintetto.it>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221206/6cc1d8ab/attachment.htm>
More information about the sr-users
mailing list