<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">By setting $du, I was able to force proxy1 to use TLS instead of UDP.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal">$du = <a href="sip:ip:port;transport=tls">"sip:ip:port;transport=tls"</a>;<br>
t_relay();<br>
<br>
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Thanks Daniel for your input.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Pranathi Venkatayogi
<br>
<b>Sent:</b> Wednesday, January 25, 2017 8:25 AM<br>
<b>To:</b> 'miconda@gmail.com' <miconda@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org><br>
<b>Subject:</b> RE: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">I am attaching all the information needed:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Here is invite sent by the customer -
<o:p></o:p></span></b></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">10.11.200.21:58822 -(SIP over TLS)-> 10.0.16.52:5061<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">INVITE
<a href="sip:spanish@translation.sms-test.cyracom.com">sip:spanish@translation.sms-test.cyracom.com</a> SIP/2.0<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Via: SIP/2.0/TLS 10.11.200.21:58822;rport;branch=z9hG4bKPj40846ca84d834aeb9d6ae838e7d01166;alias<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Max-Forwards: 70<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From: "cust1" <<a href="sip:cust1@devtranslation.sms-test.cyracom.com">sip:cust1@devtranslation.sms-test.cyracom.com</a>>;tag=46715a1fbe9c4d06a04ecf7e48997955<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">To: <<a href="sip:spanish@translation.sms-test.cyracom.com">sip:spanish@translation.sms-test.cyracom.com</a>><o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Contact: <<a href="sip:64715890@10.11.200.21:58825;transport=tls">sip:64715890@10.11.200.21:58825;transport=tls</a>><o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Call-ID: a6a27f5f13a147ff82f48fde3789838e<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">CSeq: 6098 INVITE<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Supported: replaces, norefersub, gruu<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">User-Agent: Blink 3.0.0 (Windows)<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Proxy-Authorization: Digest username="cust1", realm="devtranslation.sms-test.cyracom.com", nonce="WIfTSliH0h4rWzCg73Myws7fCOgYpwHyAg5IxIA=", uri="<a href="sip:spanish@translation.sms-test.cyracom.com">sip:spanish@translation.sms-test.cyracom.com</a>",
response="391c1e155da5949698501a379b9037a3"<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Content-Type: application/sdp<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Content-Length: 359<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">v=0<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">o=- 3694256158 3694256158 IN IP4 10.11.200.21<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">s=Blink 3.0.0 (Windows)<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">t=0 0<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">m=message 2855 TCP/TLS/MSRP *<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">c=IN IP4 10.11.200.21<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=path:msrps://192.168.1.110:2855/3dc0380f6ef30157c39c;tcp<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=setup:active<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Here is the invite received by the agent. As we see transport=tls is set correctly. Question is why and who is inserting Via header to be UDP port 5060.
10.0.16.52 is proxy1’s IP address. Strange thing is proxy1 has TLS connection with proxy2 and still it is sending via UDP.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">172.31.211.31:5061 -(SIP over TLS)-> 10.0.27.108:60894<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">INVITE
<a href="sip:20745891@10.0.27.108:60896;transport=tls">sip:20745891@10.0.27.108:60896;<span style="background:yellow;mso-highlight:yellow">transport=tls</span></a> SIP/2.0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:red">Via: SIP/2.0/UDP 10.0.16.52;rport=5060;</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Max-Forwards: 68<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From: "cust1" <<a href="sip:cust1@devtranslation.sms-test.cyracom.com">sip:cust1@devtranslation.sms-test.cyracom.com</a>>;tag=7bbc8a1c90e94d96b3360223ce815d50<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">To: <<a href="sip:spanish@translation.sms-test.cyracom.com">sip:spanish@translation.sms-test.cyracom.com</a>><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Contact: <<a href="sip:64715890@10.11.200.21:59045;transport=tls">sip:64715890@10.11.200.21:59045;transport=tls</a>><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Record-Route: <<a href="sip:63.149.103.72:5060;transport=tls;lr;nat=yes">sip:63.149.103.72:5060;transport=tls;lr;nat=yes</a>><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Record-Route: <<a href="sip:10.0.16.52:5061;transport=tls;lr;nat=yes">sip:10.0.16.52:5061;transport=tls;lr;nat=yes</a>><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Call-ID: f1f4cb291ee44c11b3eda6c6801c1d22<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">CSeq: 28943 INVITE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Supported: replaces, norefersub, gruu<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">User-Agent: Blink 3.0.0 (Windows)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Content-Type: application/sdp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Content-Length: 359<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">v=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">o=- 3694259050 3694259050 IN IP4 10.11.200.21<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">s=Blink 3.0.0 (Windows)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">t=0 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">m=message 2855 TCP/TLS/MSRP *<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">c=IN IP4 10.11.200.21<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=path:msrps://192.168.1.110:2855/3fe6e776d38e70ffc529;tcp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">a=setup:active<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Attached is the nslookup output of the proxy2 domain.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><img border="0" width="612" height="478" id="Picture_x0020_1" src="cid:image002.jpg@01D27714.A43CB960"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> sr-users [<a href="mailto:sr-users-bounces@lists.sip-router.org">mailto:sr-users-bounces@lists.sip-router.org</a>]
<b>On Behalf Of </b>Daniel-Constantin Mierla<br>
<b>Sent:</b> Wednesday, January 25, 2017 12:17 AM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>><br>
<b>Subject:</b> Re: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hello,<br>
<br>
first thing: do not reply to other emails from the mailing list, create a new one -- at the end of your message is a previous email from the list. It keeps the conversation clean, doesn't mess the email thread id and also makes it easier to understand what's
all about (and less bandwidth) on mobile devices.<br>
<br>
You would have to provide the sip packet (the invite) to understand what happens there. The support of TLS can be discovered via DNS lookup (NAPTR+SRV) or the transport can be enforced in the r-uri with transport=xyz parameter.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<br>
On 24/01/2017 20:01, Pranathi Venkatayogi wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hi,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> I have two instances of Kamailio acting as edge proxies. One on the customer side and one on the agent side.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Like: customer -> proxy1 -> proxy2 -> agent.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Both customer and agent are registered to proxy1/proxy2 via TLS.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> However when proxy1 forwards to proxy2, it is using UDP. How can I force it to use TLS?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Attached is the result of nslookup on the domain: translation.sms-test.cyracom.com.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Daniel-Constantin Mierla<o:p></o:p></pre>
<pre><a href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a><o:p></o:p></pre>
<pre>Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - <a href="http://www.asipto.com">www.asipto.com</a><o:p></o:p></pre>
<pre>Kamailio World Conference - May 8-10, 2017 - <a href="http://www.kamailioworld.com">www.kamailioworld.com</a><o:p></o:p></pre>
</div>
</body>
</html>