Re: [SR-Users] Setting up uacreg

[Arsen Semenov]

Hi Duncan,

There are plenty of options here.

I think here is good place to start:
https://www.kamailio.org/wiki/tutorials/security/kamailio-security

You also can check https://www.apiban.org/doc.html


Regards,

On Thu, Jul 29, 2021 at 8:37 AM Duncan Turnbull 
wrote:

> Hi Arsen
>
> Thanks very much, I am looking at that now
>
> Is there an easy way to control the extensions that are proxied through to
> asterisk so that we restrict the ability of outside scanning of extension
> lists. I would like to limit the registrations for extensions passed
> through to asterisk that come from an unknown / external ips.
>
> Thanks again
>
> Cheers Duncan
>
> On Wed, Jul 28, 2021 at 11:11 PM Arsen Semenov 
> wrote:
>
>> You can check how Path works, it is described in rfc3327, this is
>> probably what you need.
>> From the Asterisk side; however, I can't tell whether it is supported by
>> pjsip, there was some issue as I know, but at least chan_sip should support
>> it.
>> Also docs for kamailio registrar module.
>> What do you mean by "limit the user ids that go through to asterisk"?
>>
>> On Wed, Jul 28, 2021 at 12:50 PM Duncan Turnbull 
>> wrote:
>>
>>> Hi Arsen
>>>
>>> Thanks very much for your reply
>>>
>>> We were using repro which does that but are interested in the wider
>>> capabilities of kamailio.
>>>
>>> We are wanting to limit the user ids that go through to asterisk and
>>> eventually have two kamailio servers that provide some failover
>>>
>>> I saw a slide pack from Fred Posner talking about fronting asterisk with
>>> kamailio and I probably jumped to uac without fully understanding what it’s
>>> purpose is
>>>
>>> I also saw that shared line appearance can be simulated using kamailio,
>>> and perhaps it needs the uac module to achieve that.
>>>
>>> My general understanding is new and growing so I am grateful for all
>>> advice or questions
>>>
>>> Thanks again
>>>
>>> Cheers Duncan
>>>
>>> On 28/07/2021, at 3:34 PM, Arsen Semenov  wrote:
>>>
>>> 
>>> Hi Duncan,
>>>
>>> This scenario is quite new for me, not sure I got it right.. but why
>>> have you decided not to proxying requests to asterisks?
>>> By leveraging Path and Record-route headers Asterisk will know how to
>>> route the response back as well as new requests.
>>> And the proxy will know how to handle them.
>>> This is how kamailio is usually set as a front-end for media servers.
>>>
>>>
>>>
>>> On Wed, Jul 28, 2021 at 8:35 AM Duncan Turnbull 
>>> wrote:
>>>
 Hi there

 I am a new user of Kamailio and we are trying to use it to be as a
 front end for our asterisk pbx. We are running on Ubuntu 18.04 and Kamailio
 5.3.8 with Siremis

 Rather than proxying the request through to asterisk we are trying to
 use uacreg to send a login to asterisk. Asterisk will think all the users
 are appear from the proxy but thats okay. Initially this is just for
 external users but eventually all phones etc will register via Kamailio and
 we will have the trunks there (and split them across another kamailio but
 thats another job)

 If I add a user to the uacreg then when I register to Kamailio it sends
 a register request but to the realm in the uacreg table and the matching
 port Kamailio is running on.

 Is this because somewhere we have set Kamailio to directly proxy on and
 we need to turn that off first?

 This is our uacreg table

 mysql> select * from uacreg;

 ++++++---+---+---+---+--++-+---+---++
 | id | l_uuid | l_username | l_domain   | r_username | r_domain  |
 realm | auth_username | auth_password | auth_ha1 | auth_proxy |
 expires | flags | reg_delay | socket |

 ++++++---+---+---+---+--++-+---+---++
 |  1 | testuser | testuser | ourdomain.com | 88 |
 10.8.8.20 | 10.8.8.20 | 88| password  | ''   | sip:
 10.8.8.20:5060 | 360 | 0 | 3 ||

 ++++++---+---+---+---+--++-+---+---++
 1 row in set (0.00 sec)

 All pointer, guides and recommendations will be welcome

 Thanks very much

 Cheers Duncan




 __
 Kamailio - Users Mailing List - Non Commercial Discussions
   * sr-users@lists.kamailio.org
 Important: keep the mailing list in the recipients, do not reply only
 to the sender!
 Edit mailing list options or unsubscribe:
   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

>>>
>>

Re: [SR-Users] Guidelines on E164 conversions

[Henning Westerholt]

Hello,

Yes – as said, you should use the uac functions to change the From/To headers. 
This is recommended over using the $fU or $tU.

Cheers,

Henning

From: sr-users  On Behalf Of Melissa Frasik
Sent: Wednesday, July 28, 2021 7:52 PM
To: Kamailio (SER) - Users Mailing List 
Subject: Re: [SR-Users] Guidelines on E164 conversions

Hello,

My apologies, I seem to have ​posted an incomplete code segment. I only seem to 
have issues when it comes to replacing $fU (before using uac_replace_from) - 
the same action on $rU seems to work properly. In the below situation, the $fU 
variable should be updated with the plus, but the $avp(uacreplacefromdisplay) 
variable has the value of the original $fU, not the updated one. Is this 
practice redundant, and should actions on $fU and $rU be avoided in favor of 
uac_replace_to/uac_replace_from?




$fU = "+" + $avp(src=>countrycode) + $fU;

$avp(uacreplacefromdisplay) = $fU;

$avp(uacreplacefromuri) = $fu;



if ($avp(uacreplacefromdisplay) && $avp(uacreplacefromuri)) {


uac_replace_from("$avp(uacreplacefromdisplay)","$avp(uacreplacefromuri)");

$avp(uacreplacefromdisplay[*])=$null;

$avp(uacreplacefromuri[*])=$null;

}



xlog("$ci - converting domestic caller id number to $fU ($fu) - 
$avp(uacreplacefromdisplay) $avp(uacreplacefromuri)");


Thank you so much for your help!

From: Henning Westerholt mailto:h...@skalatan.de>>
Sent: Wednesday, July 28, 2021 1:29 PM
To: Kamailio (SER) - Users Mailing List 
mailto:sr-users@lists.kamailio.org>>
Cc: Melissa Frasik 
mailto:melissa.fra...@dicecorp.com>>
Subject: RE: Guidelines on E164 conversions


Hello,



If you want to change the From (or To) header content, you should use the “uac” 
modules replace_from/_to functions. They will transparently make sure that both 
end-points get the correct header content.



Cheers,



Henning



--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com





From: sr-users 
mailto:sr-users-boun...@lists.kamailio.org>>
 On Behalf Of Melissa Frasik
Sent: Tuesday, July 27, 2021 11:26 PM
To: sr-users@lists.kamailio.org
Subject: [SR-Users] Guidelines on E164 conversions



Hi all,

I'm running into some issues with E164 conversions and was wondering if there 
was a decent standardized method for conversions. Conversions using $rU seem to 
be working great, but $fU is behaving badly. This is what I have so far:

xlog("$ci - caller id was $avp(src=>callerid)");



if($avp(src=>callerid) =~ "^\+"){

xlog("$ci - caller id already E164");

}else if($(rU{s.substr,0,$(avp(src=>countrycode){s.len})}) == 
$avp(src=>countrycode)){

$avp(src=>callerid) = "+" + $avp(src=>callerid);

$fU = $avp(src=>callerid);

$avp(uacreplacefromdisplay) = $fU;

$avp(uacreplacefromuri) = $fu;

xlog("$ci - Adding plus to make caller id e164");

}else{

$fU = "+" + $avp(src=>countrycode) + $fU;

$avp(uacreplacefromdisplay) = $fU;

$avp(uacreplacefromuri) = $fu;

xlog("$ci - converting domestic caller id number to $fU ($fu) - 
$avp(uacreplacefromdisplay) $avp(uacreplacefromuri)");

}



Previously, I'd found a suggestion mentioning using uac_replace_from in the 
route[RELAY] (which is the purpose of the uacreplacefrom avps), but $fU does 
not appear to be changing its value. Is there something I'm doing incorrectly?
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] How to unload previously loaded destinations in the case of applying multiple ds_select_domain

[Serdar GÜÇLÜER]

Hello all,

I have a trouble that is related to the way of usage of dispatcher module.

I am working with Kamailio 5.3.2 and using dispatcher module as load 
balancer to route calls to the media gateways.


My dispatching routes are below as simply,

route[DISPATCH] {
if(ds_select_domain("2", "4")) {
route(MYRELAY);
} else {
send_reply("503","Service Unavailable - No MGW");
exit;
}
}
route[MYRELAY] {
t_on_failure("MYFAILURE");
if(!t_relay()) {
sl_reply_error();
}
exit;
}
failure_route[MYFAILURE] {
route(NATMANAGE);
revert_uri();
if (t_is_canceled()) {
exit;
}
if ($T_reply_code == 408 || $T_reply_code == 503) {
if(ds_next_domain()) {
route(MYRELAY);
} else {
send_reply("503","Service Unavailable");
exit;
}
} else {
if(ds_select_domain("6", "4")) {
route(MYVMRELAY);
} else {
send_reply(486,"Busy");
exit;
}
}
}
route[MYVMRELAY] {
t_on_failure("MYVMFAILURE");
if(!t_relay()) {
sl_reply_error();
}
exit;
}
failure_route[MYVMFAILURE] {
route(NATMANAGE);
revert_uri();
if (t_is_canceled()) {
exit;
}
if(ds_next_domain()) {
route(MYVMRELAY);
} else {
send_reply("503","Service Unavailable");
exit;
}
}


I have multiple media gateways(setid=2) and voicemail servers(setid=6). 
As can be seen from the configuration,
after first routing, for transaction reply code except 408 or 503, I am 
routing call to the voicemail server using dispatcher.
In that phase, dispatcher module is remembering previously loaded 
destinations that come from first ds_select_domain
and module try to route these destinations in the case that all 
voicemail servers are unavailable.
So basically, I want to unload all destinations comes from previous 
ds_select_domain.


From the documentation, i tried ds_load_update and ds_load_unset 
methods but not worked for me.


Is there any way to overcome that problem or any right usages of these 
methods.


Thank you,

Serdar



__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Integration with multiple MS Teams instances

[Володимир Іванець]

Hello all!

I was able to connect Kamailio with MS Teams and now trying to add one more
Teams instance. It looks like I have some misconfiguration or there is a
bug.

My test server has 2 domain records pointing at it (kamailio.domain1.com
and kamailio.domain2.com). My tls.cfg configuration file looks like this.
As you can see the Default section is configured with a kamailio.domain1.com
sertificate:

*[server:default]*
*method = TLSv1.0+*
*require_certificate = no*
*verify_certificate = no*
*private_key =
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
*
*certificate =
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
*
*ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
*


*[client:default]*
*method = TLSv1.0+*
*require_certificate = no*
*verify_certificate = no*
*private_key =
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
*
*certificate =
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
*
*ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
*



*[server:172.16.30.206:5062 ]*
*method = TLSv1.0+*
*require_certificate = no*
*verify_certificate = no*
*private_key =
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
*
*certificate =
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
*
*ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
*
*server_name = "kamailio.domain1.com "*
*server_id = "**"kamailio.domain1.com "*


*[client:172.16.30.206:5062 ]*
*method = TLSv1.0+*
*require_certificate = no*
*verify_certificate = no*
*private_key =
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
*
*certificate =
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
*
*ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
*



*[server:172.16.30.206:5063 ]*
*method = TLSv1.0+*
*require_certificate = no*
*verify_certificate = no*
*private_key =
/var/kamailio/certificates/kamailio.domain2.com/server/key.pem
*
*certificate =
/var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
*
*ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
*
*server_name = "kamailio.domain2.com "*

*server_id = "**"kamailio.domain2.com "*


*[client:172.16.30.206:5063 ]*
*method = TLSv1.0+*
*require_certificate = no*
*verify_certificate = no*
*private_key =
/var/kamailio/certificates/kamailio.domain2.com/server/key.pem
*
*certificate =
/var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
*
*ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
*


The dispatcher configuration table looks like this:

++---+--+---+--++-+
| id | setid | destination  | flags |
priority | attrs
  | description |
++---+--+---+--++-+
|  1 | 1 | sip:sip.pstnhub.microsoft.com;transport=tls  | 0 |
 3 | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com   |
MS Teams 1  |
|  2 | 2 | sip:sip.pstnhub.microsoft.com;transport=tls  | 0 |
 3 | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com   |
MS Teams 2  |
++---+--+---+--++-+



When Kamailio is started only connection with the first trunk is
established:

*# kamcmd tls.list*
*{*
*id: 1*
*timeout: 0*
*src_ip: 52.114.75.24*
*src_port: 5061*
*dst_ip: 172.16.30.206*
*dst_port: 0*
*cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA
 Enc=AESGCM(256) Mac=AEAD*
*ct_wq_size: 0*
*enc_rd_buf: 0*
*flags: 2*
*state: establis

Re: [SR-Users] Integration with multiple MS Teams instances

[Rob van den Bulk]

Hello, are u using letsencrypt?

U can use a multi domain.

Muti domain names in one certificate

Outlook voor Android downloaden

From: sr-users  on behalf of Володимир 
Іванець 
Sent: Thursday, July 29, 2021 4:44:16 PM
To: Kamailio (SER) - Users Mailing List 
Subject: [SR-Users] Integration with multiple MS Teams instances

Hello all!

I was able to connect Kamailio with MS Teams and now trying to add one more 
Teams instance. It looks like I have some misconfiguration or there is a bug.

My test server has 2 domain records pointing at it 
(kamailio.domain1.com and 
kamailio.domain2.com). My tls.cfg configuration 
file looks like this. As you can see the Default section is configured with a 
kamailio.domain1.com sertificate:
[server:default]
method = TLSv1.0+
require_certificate = no
verify_certificate = no
private_key = 
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
certificate = 
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
ca_list = 
/var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem

[client:default]
method = TLSv1.0+
require_certificate = no
verify_certificate = no
private_key = 
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
certificate = 
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
ca_list = 
/var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem


[server:172.16.30.206:5062]
method = TLSv1.0+
require_certificate = no
verify_certificate = no
private_key = 
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
certificate = 
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
ca_list = 
/var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
server_name = "kamailio.domain1.com"
server_id = ""kamailio.domain1.com"

[client:172.16.30.206:5062]
method = TLSv1.0+
require_certificate = no
verify_certificate = no
private_key = 
/var/kamailio/certificates/kamailio.domain1.com/server/key.pem
certificate = 
/var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
ca_list = 
/var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem


[server:172.16.30.206:5063]
method = TLSv1.0+
require_certificate = no
verify_certificate = no
private_key = 
/var/kamailio/certificates/kamailio.domain2.com/server/key.pem
certificate = 
/var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
ca_list = 
/var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
server_name = "kamailio.domain2.com"
server_id = ""kamailio.domain2.com"

[client:172.16.30.206:5063]
method = TLSv1.0+
require_certificate = no
verify_certificate = no
private_key = 
/var/kamailio/certificates/kamailio.domain2.com/server/key.pem
certificate = 
/var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
ca_list = 
/var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem

The dispatcher configuration table looks like this:
++---+--+---+--++-+
| id | setid | destination  | flags | priority 
| attrs  | 
description |
++---+--+---+--++-+
|  1 | 1 | 
sip:sip.pstnhub.microsoft.com;transport=tls  
| 0 |3 | 
socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com
   | MS Teams 1  |
|  2 | 2 | 
sip:sip.pstnhub.microsoft.com;transport=tls  
| 0 |3 | 
socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com
   | MS Teams 2  |
++---+---

Re: [SR-Users] Integration with multiple MS Teams instances

[Володимир Іванець]

Hello Rob!

Yes, I'm using Letsencrypt while I'm testing. But I would like to be able
to use different certificates with different sockets.

I found this discussion https://github.com/kamailio/kamailio/issues/2413.
Looks like I need to use "tls_set_connect_server_id()" instead of setting
$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)". Unfortunately I'm
currently using Kamailio v5.4 on my test system and this function is not
available. I will update Kamailio and give it another try. Then I will
update everyone in the hope it will be useful for someone :)

Thank you!

Regards, Volodymyr Ivanets

чт, 29 лип. 2021 о 19:07 Rob van den Bulk  пише:

> Hello, are u using letsencrypt?
>
> U can use a multi domain.
>
> Muti domain names in one certificate
>
> Outlook voor Android  downloaden
> --
> *From:* sr-users  on behalf of
> Володимир Іванець 
> *Sent:* Thursday, July 29, 2021 4:44:16 PM
> *To:* Kamailio (SER) - Users Mailing List 
> *Subject:* [SR-Users] Integration with multiple MS Teams instances
>
> Hello all!
>
> I was able to connect Kamailio with MS Teams and now trying to add one
> more Teams instance. It looks like I have some misconfiguration or there is
> a bug.
>
> My test server has 2 domain records pointing at it (kamailio.domain1.com
> and kamailio.domain2.com). My tls.cfg configuration file looks like this.
> As you can see the Default section is configured with a
> kamailio.domain1.com sertificate:
>
> *[server:default]*
> *method = TLSv1.0+*
> *require_certificate = no*
> *verify_certificate = no*
> *private_key =
> /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
> *
> *certificate =
> /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
> *
> *ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
> *
>
>
> *[client:default]*
> *method = TLSv1.0+*
> *require_certificate = no*
> *verify_certificate = no*
> *private_key =
> /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
> *
> *certificate =
> /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
> *
> *ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
> *
>
>
>
> *[server:172.16.30.206:5062 ]*
> *method = TLSv1.0+*
> *require_certificate = no*
> *verify_certificate = no*
> *private_key =
> /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
> *
> *certificate =
> /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
> *
> *ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
> *
> *server_name = "kamailio.domain1.com "*
> *server_id = "**"kamailio.domain1.com "*
>
>
> *[client:172.16.30.206:5062 ]*
> *method = TLSv1.0+*
> *require_certificate = no*
> *verify_certificate = no*
> *private_key =
> /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
> *
> *certificate =
> /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
> *
> *ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
> *
>
>
>
> *[server:172.16.30.206:5063 ]*
> *method = TLSv1.0+*
> *require_certificate = no*
> *verify_certificate = no*
> *private_key =
> /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
> *
> *certificate =
> /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
> *
> *ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
> *
> *server_name = "kamailio.domain2.com "*
>
> *server_id = "**"kamailio.domain2.com "*
>
>
> *[client:172.16.30.206:5063 ]*
> *method = TLSv1.0+*
> *require_certificate = no*
> *verify_certificate = no*
> *private_key =
> /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
> *
> *certificate =
> /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
> *
> *ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
> *
>
>
> The dispatcher configuration table looks like this:
>
>
> ++---+--+---+--+-

Re: [SR-Users] BYE not accepted by MS TEAMS

[João Vitor Arruda]

Hi Daniel,

Thanks for your reply.
Yes, I'm using the topos module. When I tried to run without it I actually
had more issue with the call flow not being able to even establish the call.

But your comment of not having both the both incoming and outgoing sip
messages in the trace actually gave some additional clues and I was now
able to fix the issue.
The problem happens because I was using "fix_nated_contact()" in the INVITE
received from Teams.

With that the Contact header received in the INVITE as:
CONTACT: 
is forwarded as:
CONTACT: 

Which is then used to construct the BYE that is not accepted by Teams.

Removing that line fixes the issue.

Thanks again!



Em ter., 27 de jul. de 2021 às 11:01, Daniel-Constantin Mierla <
mico...@gmail.com> escreveu:

> Hello,
>
> are you using topos module?
>
> If yes, can you try without it and see if there is any difference?
>
> Also, the sip trace you pasted in the previous message does not have both
> incoming and outgoing sip messages -- having them is useful for
> troubleshooting.
>
> Cheers,
> Daniel
> On 23.07.21 22:16, João Vitor Arruda wrote:
>
> Hello all,
>
> I recently built an SBC to integrate Kamailio with MS Teams
> following Henning Westerholt blob post and all the other awesome tips I was
> able to find here in the list.
>
> Everything is working great. The only missing piece I would like some
> thoughts on is about why MS Teams is not accepting the BYE sent from
> Kamailio.
> It eventually replies with "504 Server Time-out"
>
> The below trace shows the entire call.
>
> 
> 
> tag: rcv
> pid: 3381
> process: 63
> time: 1627070235.086307
> date: Fri Jul 23 19:57:15 2021
> proto: tls ipv4
> srcip: 52.114.76.76
> srcport: 4672
> dstip: SBC_IP_ADDR
> dstport: 5061
> 
> INVITE sip:+5515X@SBC-FQDN:5061;user=phone;transport=tls SIP/2.0
> FROM: "Last, First Name"
> 
> ;tag=bafa0f5a573749a7b494917c0309f544
> TO: 
> CSEQ: 1 INVITE
> CALL-ID: c9b2aa4f658f5788aa7090bef0f5e35e
> MAX-FORWARDS: 70
> VIA: SIP/2.0/TLS 52.114.76.76:5061;branch=z9hG4bK60895c91
> RECORD-ROUTE:
> 
> CONTACT:
> 
> CONTENT-LENGTH: 1103
> MIN-SE: 300
> SUPPORTED: timer
> USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2021.6.15.17 i.EUNO.0
> CONTENT-TYPE: application/sdp
> ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY
> PRIVACY: id
> SESSION-EXPIRES: 3600
>
> v=0
> o=- 599625 0 IN IP4 127.0.0.1
> s=session
> c=IN IP4 52.113.58.181
> b=CT:1000
> t=0 0
> m=audio 50122 RTP/SAVP 104 9 103 111 18 0 8 97 101 13 118
> c=IN IP4 52.113.58.181
> a=rtcp:50123
> a=ice-ufrag:fTy/
> a=ice-pwd:tQKGN0Szi7Q/vTdf6SiXUSpj
> a=rtcp-mux
> a=candidate:1 1 UDP 2130706431 52.113.58.181 50122 typ srflx raddr
> 10.0.33.230 rport 50122
> a=candidate:1 2 UDP 2130705918 52.113.58.181 50123 typ srflx raddr
> 10.0.33.230 rport 50123
> a=candidate:2 1 tcp-act 2121006078 52.113.58.181 49152 typ srflx raddr
> 10.0.33.230 rport 49152
> a=candidate:2 2 tcp-act 2121006078 52.113.58.181 49152 typ srflx raddr
> 10.0.33.230 rport 49152
> a=label:main-audio
> a=mid:1
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:PC00Mgk39GjTYJ+mUSNQg++TU6zJKar4VYDj4/ET|2^31
> a=sendrecv
> a=rtpmap:104 SILK/16000
> a=rtpmap:9 G722/8000
> a=rtpmap:103 SILK/8000
> a=rtpmap:111 SIREN/16000
> a=fmtp:111 bitrate=16000
> a=rtpmap:18 G729/8000
> a=fmtp:18 annexb=no
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:97 RED/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=rtpmap:13 CN/8000
> a=rtpmap:118 CN/16000
> a=ptime:20
> 
> 
> tag: snd
> pid: 3381
> process: 63
> time: 1627070235.089106
> date: Fri Jul 23 19:57:15 2021
> proto: tls ipv4
> srcip: SBC_IP_ADDR
> srcport: 5061
> dstip: 52.114.76.76
> dstport: 4672
> 
> SIP/2.0 100 trying -- your call is important to us
> FROM: "Last, First Name"
> 
> ;tag=bafa0f5a573749a7b494917c0309f544
> TO: 
> CSEQ: 1 INVITE
> CALL-ID: c9b2aa4f658f5788aa7090bef0f5e35e
> VIA: SIP/2.0/TLS 52.114.76.76:5061;branch=z9hG4bK60895c91;rport=4672
> Server: kamailio (5.3.7 (x86_64/linux))
> Content-Length: 0
>
> 
> 
> tag: snd
> pid: 3291
> process: 18
> time: 1627070235.111825
> date: Fri Jul 23 19:57:15 2021
> proto: tls ipv4
> srcip: SBC_IP_ADDR
> srcport: 5061
> dstip: 52.114.76.76
> dstport: 4672
> 
> SIP/2.0 180 Ringing
> FROM: "Last, First Name"
> 
> ;tag=bafa0f5a573749a7b494917c0309f544
> t:;tag=e55N8paBUgZac
> CALL-ID: c9b2aa4f658f5788aa7090bef0f5e35e
> CSEQ: 1 INVITE
> m:
> User-Agent:FreeSWITCH-mod_sofia/1.10.3-release~64bit
> Accept:application/sdp
>
> Allow:INVITE,ACK,BYE,CANCEL,OPTIONS,MESSAGE,INFO,UPDATE,REGISTER,REFER,NOTIFY
> k:path,replaces
> u:talk,hold,conference,refer
> l:0
> Via: SIP/2.0/TLS 52.114.76.76:5061;rport=4672;branch=z9hG4bK60895c91
> Record-Route:
> 
> ,
> 
> Record-Route:
> 
> P-SR-XBranch: z9hG4bKe7d4.5ae277881edb9c04a7ac65af016e582e.0
>
> 
> 
> tag: snd

[SR-Users] Access via script to location data in the memory

[Social Boh]

Hello List,

is there a way to access location data from kamailio script?

I mean data I can see with the command:

kamctl ul show

Regards

--
---
I'm SoCIaL, MayBe


__
Kamailio - Users Mailing List - Non Commercial Discussions
 * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
 * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Guidance tracking down "qm_free(): BUG: freeing already freed pointer"

[Daniel-Constantin Mierla]

I haven't developed nor used the outbound module myself, the lack of
support in hardphones made it unsolicited so far.

Maybe there is someone else that uses the outbound module and can share
the experience. There was a recent pull request to the module, so I
assume it's used by others.

Cheers,
Daniel

On 27.07.21 16:34, Anthony Joseph Messina wrote:
> Correct--that it when I see the "qm_free(): BUG: freeing already freed 
> pointer" error.  -A
>
> On Tuesday, July 27, 2021 9:05:45 AM CDT Daniel-Constantin Mierla wrote:
>> Hello,
>>
>> to be clear for me: the error messages pop up only when outbound module
>> is used and only for branches that are routed using outbound-specific
>> connections?
>>
>> Cheers,
>> Daniel
>>
>> On 25.07.21 04:55, Anthony Joseph Messina wrote:
>>> I've come a bit further to find how to reproduce...
>>>
>>> I have a single proxy/registrar mhomed setup and am trying to use outbound
>>> (rather than nathelper) to test a few UACs that seem to maintain their
>>> connection better with outbound.  (I am also using the dialog module).
>>>
>>> Everything else seems to work properly in light testing, except for the
>>> "qm_free(): BUG" issue, which only pops up when an "outbound" UAC is one
>>> of
>>> the branches (the other branches are not using outbound and are always
>>> directly connected on the "internal" side of the mhomed network.
>>>
>>> !define WITH_NAT -- disabled for outbound
>>> #!define WITH_OUTBOUND
>>>
>>> #!ifdef WITH_OUTBOUND
>>> modparam("registrar", "outbound_mode", 1)
>>> modparam("registrar", "flow_timer", 25)
>>> #!endif
>>>
>>> Snippet of the WITHINDLG route:
>>>
>>> # Handle requests within SIP dialogs
>>> route[WITHINDLG] {
>>>
>>> if(!has_totag()) return;
>>> 
>>> # sequential request withing a dialog should
>>> # take the path determined by record-routing
>>> if(loose_route()) {
>>> 
>>> # dlg_manage() with dlg_match_mode=2
>>> dlg_manage();
>>> 
>>> #route(DLGURI); -- NAT disabled
>>>
>>> On Friday, July 23, 2021 9:08:37 AM CDT Anthony Joseph Messina wrote:
 It's built upon the standard branch_route, but is customized to add
 rtpengine and dialog storage.

 I've attached the related routes.  Thanks.  -A

 On Friday, July 23, 2021 2:43:04 AM CDT Daniel-Constantin Mierla wrote:
> Hello,
>
> is it a custom configuration file or simply the default kamailio.cfg
> with parts of branch_route enabled/disabled? If it is custom, can you
> paste here the content of the branch route that you disable/enable parts
> of it and get the error messages?
>
> Overall, seem like trying to (re-)use a terminated transaction or
> branch.
>
> Cheers,
> Daniel
>
> On 23.07.21 00:19, Anthony Joseph Messina wrote:
>> I'm seeking guidance on how to track down "qm_free(): BUG: freeing
>> already
>> freed pointer" which occurs only on branched calls.  These errors don't
>> crash so I don't get any core dumps.  The different log entries below
>> are
>> the result of me selectively disabling sections of the script that
>> apply
>> in branch route, all to no avail.  I'm running Kamailio on the current
>> tip of the 5.5 branch (1f9f6fff6e).  I'm reviewing
>> https://www.kamailio.org/wiki/tutorials/troubleshooting/memory in the
>> meantime as a place to start.
>>
>>
>> version: kamailio 5.5.1-5.git1f9f6fff6e.fc34 (x86_64/linux) 7abebb
>> flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
>> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC,
>> F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
>> FAST_LOCK-ADAPTIVE_WAIT,
>> USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST,
>> HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024,
>> MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT
>> PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt,
>> select.
>>
>> CRITICAL:  [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing
>> already freed pointer (0x7f04b8f47e90), called from core:
>> core/data_lump.c: free_lump(470), first free textops: textops.c:
>> add_hf_helper(3474) - ignoring CRITICAL: 
>> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed
>> pointer
>> (0x7f04b8f06c70), called from core: core/data_lump.c: free_lump(470),
>> first free textops: textops.c: add_hf_helper(3474) - ignoring CRITICAL:
>>  [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed
>> pointer (0x7f08e8f9cf80), called from core: core/data_lump.c:
>> free_lump(470), first free core: core/parser/msg_parser.c:
>> reset_ua(994)
>> - ignoring CRITICAL:  [core/mem/q_malloc.c:519]: qm_free(): BUG:
>> freeing already freed pointer (0x7f2afafa60d8), called from core:
>> core

Re: [SR-Users] Access via script to location data in the memory

[Henning Westerholt]

Hello,

There are different functions in the registrar module, check them out: 
https://kamailio.org/docs/modules/devel/modules/registrar.html#idm576

reg_fetch_contacts(..) might be something you could use.

Cheers,

Henning

-- 
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com 

-Original Message-
From: sr-users  On Behalf Of Social Boh
Sent: Thursday, July 29, 2021 9:02 PM
To: sr-users@lists.kamailio.org
Subject: [SR-Users] Access via script to location data in the memory

Hello List,

is there a way to access location data from kamailio script?

I mean data I can see with the command:

kamctl ul show

Regards

-- 
---
I'm SoCIaL, MayBe


__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Setting up uacreg

[Duncan Turnbull]

Thanks Arsen

My perspective is evolving and I see we can go with two alternate scenarios
- we can register everything to Kamailio and then let asterisk find the
clients at Kamilio as well as accept clients from Kamailio. This requires
some testing for us to make sure asterisk thinks of the UAs happily but we
have that kind of working ok with repro but want to step up to Kamailio
- Alternately we can proxy through Kamailio to asterisk which is more
standard and if we implement the various security checks that will help a
lot. How hard is it to also add a check that the user registration passed
through is in an approved list, and then to segregate that by trusted
networks and external networks? I am thinking its just another check in the
registration route block that looks up a db table for the source ip and the
registration details.
- where should I put such a check? Is it one place or many?

I think we like option 2 for now. One day we can move to option 1 and just
use asterisk as a media server and have kamailio be the full front end

Cheers Duncan




On Thu, Jul 29, 2021 at 9:50 PM Arsen Semenov  wrote:

> Hi Duncan,
>
> There are plenty of options here.
>
> I think here is good place to start:
> https://www.kamailio.org/wiki/tutorials/security/kamailio-security
>
> You also can check https://www.apiban.org/doc.html
>
>
> Regards,
>
> On Thu, Jul 29, 2021 at 8:37 AM Duncan Turnbull 
> wrote:
>
>> Hi Arsen
>>
>> Thanks very much, I am looking at that now
>>
>> Is there an easy way to control the extensions that are proxied through
>> to asterisk so that we restrict the ability of outside scanning of
>> extension lists. I would like to limit the registrations for extensions
>> passed through to asterisk that come from an unknown / external ips.
>>
>> Thanks again
>>
>> Cheers Duncan
>>
>> On Wed, Jul 28, 2021 at 11:11 PM Arsen Semenov 
>> wrote:
>>
>>> You can check how Path works, it is described in rfc3327, this is
>>> probably what you need.
>>> From the Asterisk side; however, I can't tell whether it is supported by
>>> pjsip, there was some issue as I know, but at least chan_sip should support
>>> it.
>>> Also docs for kamailio registrar module.
>>> What do you mean by "limit the user ids that go through to asterisk"?
>>>
>>> On Wed, Jul 28, 2021 at 12:50 PM Duncan Turnbull 
>>> wrote:
>>>
 Hi Arsen

 Thanks very much for your reply

 We were using repro which does that but are interested in the wider
 capabilities of kamailio.

 We are wanting to limit the user ids that go through to asterisk and
 eventually have two kamailio servers that provide some failover

 I saw a slide pack from Fred Posner talking about fronting asterisk
 with kamailio and I probably jumped to uac without fully understanding what
 it’s purpose is

 I also saw that shared line appearance can be simulated using kamailio,
 and perhaps it needs the uac module to achieve that.

 My general understanding is new and growing so I am grateful for all
 advice or questions

 Thanks again

 Cheers Duncan

 On 28/07/2021, at 3:34 PM, Arsen Semenov  wrote:

 
 Hi Duncan,

 This scenario is quite new for me, not sure I got it right.. but why
 have you decided not to proxying requests to asterisks?
 By leveraging Path and Record-route headers Asterisk will know how to
 route the response back as well as new requests.
 And the proxy will know how to handle them.
 This is how kamailio is usually set as a front-end for media servers.



 On Wed, Jul 28, 2021 at 8:35 AM Duncan Turnbull 
 wrote:

> Hi there
>
> I am a new user of Kamailio and we are trying to use it to be as a
> front end for our asterisk pbx. We are running on Ubuntu 18.04 and 
> Kamailio
> 5.3.8 with Siremis
>
> Rather than proxying the request through to asterisk we are trying to
> use uacreg to send a login to asterisk. Asterisk will think all the users
> are appear from the proxy but thats okay. Initially this is just for
> external users but eventually all phones etc will register via Kamailio 
> and
> we will have the trunks there (and split them across another kamailio but
> thats another job)
>
> If I add a user to the uacreg then when I register to Kamailio it
> sends a register request but to the realm in the uacreg table and the
> matching port Kamailio is running on.
>
> Is this because somewhere we have set Kamailio to directly proxy on
> and we need to turn that off first?
>
> This is our uacreg table
>
> mysql> select * from uacreg;
>
> ++++++---+---+---+---+--++-+---+---++
> | id | l_uuid | l_username | l_domain   | r_username | r_domain  |
> r

Re: [SR-Users] Access via script to location data in the memory

[Raúl Alexis Betancor Santana]

If you mean, if there is another way appart from doing a lookup() call ... that 
depends on what you whant to do ... 'kamctl ul show' it's really a RPC call to 
the registar module, but if you store your location information on any DB 
backend (redis, mysql, etc.) you could use other modules like sqlops, redis, 
etc. to do searchs and manipulations.

Saludos 
-- 
Raúl Alexis Betancor Santana 
Serlink Telecom S.R.L.U.

- Mensaje original -
De: "Social Boh" 
Para: "Kamailio" 
Enviados: Jueves, 29 de Julio 2021 20:02:18
Asunto: [SR-Users] Access via script to location data in the memory

Hello List,

is there a way to access location data from kamailio script?

I mean data I can see with the command:

kamctl ul show

Regards

-- 
---
I'm SoCIaL, MayBe


__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users