Re: [SR-Users] simple GUI for Kamailio as a SBC - could be paid

[Igor Olhovskiy]

Krzysztof,

Have you looked at Siremis (https://siremis.asipto.com/)?

чт, 3 мар. 2022 г. в 07:34, Krzysztof Drewicz :

> Hello,
>
> We searched for a simple GUI that could drive a kamailio - a bunch of
> trunks, some custom logic, tried to use open source Sipwise C5 - a way too
> big and heavy.
>
> Any hints ? links ? Mabe a paid subscription?
>
> Our goal is - to have a GUI that could - put a version number to
> configuration, and have a simple way to audit changes - only to log - what
> was done, when and from which management account.
>
> vi + svn/git - it's working but this is no GUI, ACLs in sqlite, also work,
> but - need to have a ssh console, keep files in some repository - well this
> is simply inconvenient when you have more than 5 trunks with registration
> etc...
>
> BR,
>
>
>
> --
>
>
>
> *Krzysztof Drewicz*
> Senior Infrastructure Administrator
> CLUDO | ul. Grochowska 306/308, 03-840 Warszawa
> t+48221223977
>
> kdrew...@cludo.pl | www.cludo.pl 
>
>
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>


-- 
Best regards,
Igor
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] simple GUI for Kamailio as a SBC - could be paid

[Krzysztof Drewicz]

Hello Igor,

czw., 3 mar 2022 o 09:17 Igor Olhovskiy  napisał(a):
>
> Krzysztof,
>
> Have you looked at Siremis (https://siremis.asipto.com/)?


Yeap, looks like - "too much" and it has a little stain, in other
words - i see it was developed with old Kamailio so i don't want to
use some project that is not being used / actively maintained.

you got it into a production? how does it work for you ?

Thanks

__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] simple GUI for Kamailio as a SBC - could be paid

[David Villasmil]

How do you mean “too much”? Maybe instead of asking such a general
question, ask what you’re specifically looking for? Because it’s obviously
not a general-use GUI (which is what siremis is, and not old 5.3, anything
new you can also collaborate)

On Thu, 3 Mar 2022 at 09:33, Krzysztof Drewicz 
wrote:

> Hello Igor,
>
> czw., 3 mar 2022 o 09:17 Igor Olhovskiy 
> napisał(a):
> >
> > Krzysztof,
> >
> > Have you looked at Siremis (https://siremis.asipto.com/)?
>
>
> Yeap, looks like - "too much" and it has a little stain, in other
> words - i see it was developed with old Kamailio so i don't want to
> use some project that is not being used / actively maintained.
>
> you got it into a production? how does it work for you ?
>
> Thanks
>
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-- 
Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Rhys Hanrahan]

Hi Everyone,

I have Kamailio sitting between MS Teams and Asterisk, and using rtpengine to 
terminate SRTP on Kamailio so that all my internal traffic is unencrypted. My 
current config works fine for inbound calls where I initiate the INVITE and 
Teams responds, but if Teams sends the INVITE I am having an issue where SRTP 
cannot finish negotiating. Non SRTP calls work fine with RTPEngine as well, so 
it's just the RTP to SRTP I am struggling with.

According to this I believe I must pass a=crypto in response to the INVITE 
which also has a=crypto: 
https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=408&w=622

You can see that in the initial invite from Teams, I get RTP/SAVP with 
a=crypto, but I do not send one in my OK response after 183 Session In 
Progress. As below - I am wondering if it's because not all audio channels seem 
to be getting swapped to SAVP?
I'd like to do a generic SRTP <> RTP bridge config (I've tried below). However, 
I am not 100% sure on how to detect when to swap between AVP and SAVP, so I've 
also tried just doing rtpengine_manage() and relying on other code to swap 
between SAVP or AVP *only* when going to/from Teams to keep it simple. I also 
tried both with and without "replace-origin replace-session-connection 
ICE=remove" but I still get the same behaviour in all cases.

Any advice appreciated, as this is my first time dealing with SRTP (and 
rtpengine). Feeling very stuck. Thanks!

branch_route[MANAGE_BRANCH] {
...
route(NATMANAGE);
route(HANDLE_SRTP);
}
onreply_route[MANAGE_REPLY] {
xdbg("incoming reply\n");

if(status=~"[12][0-9][0-9]") {
route(NATMANAGE);
}
route(HANDLE_SRTP);

}

route[HANDLE_SRTP] {
if (!has_body("application/sdp")) {
return;
}
rtpengine_manage();
return; # As a test, just do rtpengine_manage() and set SAVP/AVP 
elsewhere. Same behaviour.

# Handle bridging of RTP and SRTP

# Inbound traffic to SBC should be converted from SRTP to RTP
if (proto==TLS) {
rtpengine_manage("RTP/AVP");
# Outbound traffic destined to a TLS destination should be converted 
from RTP to SRTP
} else if ($ru =~ "transport=tls") {
rtpengine_manage("RTP/SAVP");
}
}

# INVITE from teams
rtpengine_manage("replace-origin replace-session-connection ICE=remove  
RTP/AVP");
# INVITE to teams
rtpengine_manage("replace-origin replace-session-connection ICE=remove  
RTP/SAVP");


INVITE sip:+614x...@rh.sbc-syd-01.teams.:5061;user=phone;transport=tls 
SIP/2.0^M
...
v=0^M
o=- 57931 0 IN IP4 127.0.0.1^M
s=session^M
c=IN IP4 52.113.76.53^M
b=CT:1000^M
t=0 0^M
m=audio 51398 RTP/SAVP 104 9 103 111 18 0 8 97 101 13 118^M
c=IN IP4 52.113.76.53^M
a=rtcp:51399^M
a=ice-ufrag:C8ss^M
a=ice-pwd:2bV9D6GcXF5f8m0px/wufQD/^M
a=rtcp-mux^M
a=candidate:1 1 UDP 2130706431 52.113.76.53 51398 typ srflx raddr 10.0.32.179 
rport 51398^M
a=candidate:1 2 UDP 2130705918 52.113.76.53 51399 typ srflx raddr 10.0.32.179 
rport 51399^M
a=candidate:2 1 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 
10.0.32.179 rport 49152^M
a=candidate:2 2 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 
10.0.32.179 rport 49152^M
a=label:main-audio^M
a=mid:1^M
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:geUHLB1mshmnI5hN83bnO57Hbdm2i7dD14sDAnpA|2^31^M
a=sendrecv^M
a=rtpmap:104 SILK/16000^M
a=rtpmap:9 G722/8000^M
a=rtpmap:103 SILK/8000^M
a=rtpmap:111 SIREN/16000^M
a=fmtp:111 bitrate=16000^M
a=rtpmap:18 G729/8000^M
a=fmtp:18 annexb=no^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:97 RED/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=rtpmap:13 CN/8000^M
a=rtpmap:118 CN/16000^M
a=ptime:20^M
I correctly convert to/from RTP/AVP and RTP/SAVP for the 183 Session in 
progress. It is RTP/SAVP before going to Teams:

SIP/2.0 183 Session Progress^M
...
v=0^M
o=- 57931 2 IN IP4 1.2.3.4^M
s=NexusOne^M
c=IN IP4 1.2.3.4^M
t=0 0^M
m=audio 37820 RTP/SAVP 9 8 0 101^M
a=maxptime:150^M
a=mid:1^M
a=rtpmap:9 G722/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=sendrecv^M
a=rtcp:37821^M
a=ptime:20^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M

But then when I send the OK after the 183, I am setting RTP/SAVP before sending 
to MS Teams, but not setting a=crypto:
Also note that I can see there are _some_ channels still as RTP/AVP so maybe 
this is part of the issue.

SIP/2.0 200 OK^M
...
v=0^M
o=- 57931 2 IN IP4 1.2.3.4^M
s=NexusOne^M
c=IN IP4 1.2.3.4^M
t=0 0^M
m=audio 37820 RTP/SAVP 9 8 0 101^M
a=maxptime:150^M
a=mid:1^M
a=rtpmap:9 G722/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=sendrecv^M
a=rtcp:37821^M
a=ptime:20^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 1

Re: [SR-Users] simple GUI for Kamailio as a SBC - could be paid

[Krzysztof Drewicz]

czw., 3 mar 2022 o 12:10 David Villasmil
 napisał(a):
>
> How do you mean “too much”? Maybe instead of asking such a general question, 
> ask what you’re specifically looking for? Because it’s obviously not a 
> general-use GUI (which is what siremis is, and not old 5.3, anything new you 
> can also collaborate)


What do I need:
have a team 6+ admins, give them access to make new trunks, change
registrations or ACLs , but log changes,  put a version number to any
configuration, rollback/commit this config.
be able still to write cfg files if necessary.
use gui not a text editor and ssh + cfg file, dont use a 'sql' and
'insert/update' but do it with a any gui tool.

if there is no ready solution, well - ACLs in txt files and ssh work
for me, but i simply hoped for something small that would do the trick

this is not some wholesale and 1+ accounts, like 10-50 sip-t,
maybe 10 with ACL based on IP, 40 registration etc.

could be paid system, by license or support, must be installed on-prem
on our kamailio not somewhere in the cloud.

kd,

__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] simple GUI for Kamailio as a SBC - could be paid

[David Villasmil]

What you’re asking is no small thing, I don’t know of a GUI like that.

Maybe someone else does.

ACL via text files is not a problem, look at permissions module

On Thu, 3 Mar 2022 at 11:37, Krzysztof Drewicz 
wrote:

> czw., 3 mar 2022 o 12:10 David Villasmil
>  napisał(a):
> >
> > How do you mean “too much”? Maybe instead of asking such a general
> question, ask what you’re specifically looking for? Because it’s obviously
> not a general-use GUI (which is what siremis is, and not old 5.3, anything
> new you can also collaborate)
>
>
> What do I need:
> have a team 6+ admins, give them access to make new trunks, change
> registrations or ACLs , but log changes,  put a version number to any
> configuration, rollback/commit this config.
> be able still to write cfg files if necessary.
> use gui not a text editor and ssh + cfg file, dont use a 'sql' and
> 'insert/update' but do it with a any gui tool.
>
> if there is no ready solution, well - ACLs in txt files and ssh work
> for me, but i simply hoped for something small that would do the trick
>
> this is not some wholesale and 1+ accounts, like 10-50 sip-t,
> maybe 10 with ACL based on IP, 40 registration etc.
>
> could be paid system, by license or support, must be installed on-prem
> on our kamailio not somewhere in the cloud.
>
> kd,
>
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-- 
Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Rhys Hanrahan]

Hey Matthias,

Thanks for the reply, and the pointers!

I guess the thing that’s confusing me most is that in my existing config, the 
183 reply from Asterisk comes in as RTP/AVP and then Kamailio *does* change it 
to RTP/SAVP in the 183 forwarded to teams *and* the same thing happens for the 
subsequent 200 OK. So to me that indicates that rtpengine_manage is already 
re-writing the SDP offers between RTP and SRTP to some level? But for some 
reason the crypto attribute is still missing in this one case.

If I remove my attempts to re-write to/from RTP/SAVP then it’s RTP/AVP all the 
way through (as that’s what Asterisk sends to Kamailio) and it gets rejected 
because SRTP is required, whereas right now it fails because SRTP fails to 
negotiate – so it’s not the same error.

Regardless, I am still working on a solution based on what you’ve said where I 
more explicitly call rtpengine_manage and pass in RTP/AVP or SAVP in 
MANAGE_BRANCH and MANAGE_REPLY. But no luck yet! Still missing the crypto 
attribute in the same spot unfortunately.

Thanks.

Rhys Hanrahan | Chief Information Officer
e: r...@nexusone.com.au

[www.nexusone.com.au]   [signature_21907561] 


NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS
p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 
Elizabeth Street, Sydney NSW 2000
www.nexusone.com.au | 
www.fusiontech.com.au

The information in this email and any accompanying attachments may contain; a. 
Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty 
Ltd or third parties; b. Legally privileged information of Fusion Technology 
Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright 
material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third 
parties. If you have received this email in error, please notify the sender 
immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus 
One Pty Ltd does not accept any responsibility for loss or damage arising from 
the use or distribution of this email.

Please consider the environment before printing this email.


From: sr-users  on behalf of Matthias 
Urlichs 
Reply to: "Kamailio (SER) - Users Mailing List" 
Date: Thursday, 3 March 2022 at 11:06 pm
To: "sr-users@lists.kamailio.org" 
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

On 03.03.22 12:07, Rhys Hanrahan wrote:
Any advice appreciated, as this is my first time dealing with SRTP (and 
rtpengine). Feeling very stuck. Thanks!

Yeah, me too. ;-)

Basically you need to call "rtpengine_manage" with the correct parameter, i.e. 
either RTP/AVP or RTP/SAVP, based on whether audio to the destination of the 
message is to be encrypted or not. This applies to basically any message with 
"application/sdp" content, i.e. both the INVITE *and* the 183 or 200 reply.

Thus if you relay from encrypted to plaintext, the INVITE's handler needs to 
call rtpengine_manage("… RTP/AVP") and the response handler needs to call 
rtpengine_manage("… RTP/SAVP").

In my code I discover these settings (for both call source and destination) 
during the INVITE, then I save them in a couple of XAVU variables. All the 
other handlers just select source / destination based on whether the message's 
source IP address is the same as the INVITE's.

IMHO it's way easier to program the whole thing in Python instead of Kamailio's 
language. This in turn would be much simpler if Kamailio used threads instead 
of separate processes and shared memory, but apparently you can't have 
everything. :-P

--

-- Matthias Urlichs
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Rhys Hanrahan]

Hi Richard,

Yes, from what I’ve seen in the logs there are multiple branches happening. One 
between Teams and Kamailio and one between Kamailio and Asterisk.

In terms of the rtpengine processing, I’ve tried lots of different variations, 
but right now I’ve got:

  *   Rtpengine_manage() by itself for new branches and replies (MANAGE_BRANCH, 
MANAGE_REPLY)
  *   Rtpengine_manage(“RTP/AVP”) or rtpengine_manage(“RTP/SAVP”) essentially 
in request_route for the initial invites to/from Teams
  *   I do also have the stock NATMANAGE using rtpengine but there’s no NAT 
involved here so I don’t think it applies.

So as far as I can tell, I shouldn’t be calling rtpengine_manage multiple 
times. Is this bad to do? I did have previous configs where I was doing this. 
E.g. during RELAY I would call it with general options and then just modify AVP 
or SAVP in another section.

Interestingly, I noticed that a new branch is created just as I answer the 
call, and this is when it fails, so perhaps the issue is with how I’m handling 
new branches then? Below is a bit of a log to try and summarise what’s 
happening. Unfortunately it’s not logging the MS Teams side of the call except 
for the initial invite.

I will work on getting you a sip dump as it’s probably the easiest way to 
properly see what’s going on. Thanks!

root@sbc5-syd-01:/etc/kamailio# tail -f /var/log/syslog | grep RTPEngine
Mar  4 00:39:38 sbc5-syd-01 kamailio[9240]: 44(9311) ERROR: {1 1 INVITE 
5b76dfb297c455358bb0ec0dac3c1af7} 

Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Rhys Hanrahan]

Awesome, thank you for this. I did take a look at the rtpengine logs earlier 
but they didn’t seem particularly useful at the time. I will have to take a 
look tomorrow at how to enable debug logs, and will likely post on the 
rtpengine list for further advice, so thanks for pointing that out.

Thanks,
Rhys.

From: sr-users  on behalf of Richard Fuchs 

Organisation: Sipwise GmbH
Reply to: "Kamailio (SER) - Users Mailing List" 
Date: Friday, 4 March 2022 at 1:17 am
To: "sr-users@lists.kamailio.org" 
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

On 03/03/2022 08.47, [EXT] Rhys Hanrahan wrote:
Hi Richard,

Yes, from what I’ve seen in the logs there are multiple branches happening. One 
between Teams and Kamailio and one between Kamailio and Asterisk.

In terms of the rtpengine processing, I’ve tried lots of different variations, 
but right now I’ve got:

  1.  Rtpengine_manage() by itself for new branches and replies (MANAGE_BRANCH, 
MANAGE_REPLY)
  2.  Rtpengine_manage(“RTP/AVP”) or rtpengine_manage(“RTP/SAVP”) essentially 
in request_route for the initial invites to/from Teams
  3.  I do also have the stock NATMANAGE using rtpengine but there’s no NAT 
involved here so I don’t think it applies.

So as far as I can tell, I shouldn’t be calling rtpengine_manage multiple 
times. Is this bad to do? I did have previous configs where I was doing this. 
E.g. during RELAY I would call it with general options and then just modify AVP 
or SAVP in another section.

Interestingly, I noticed that a new branch is created just as I answer the 
call, and this is when it fails, so perhaps the issue is with how I’m handling 
new branches then? Below is a bit of a log to try and summarise what’s 
happening. Unfortunately it’s not logging the MS Teams side of the call except 
for the initial invite.

What usually happens (and this is a common mistake that can be confirmed by 
looking at the logs produced by rtpengine) is that rtpengine is invoked 
multiple times for the same invite (once in each branch) with different 
options, but without telling rtpengine that these are branches. From 
rtpengine's POV these invites are all in the same branch then, and the options 
used in a later invocation are simply overriding the options used in previous 
invocations. So when the last invocation was using plain RTP and then the reply 
is using SRTP belonging to a different invocations, then rtpengine would not 
know about the SRTP attributes any more.

But without detailed logs this is just a speculation. You can see the actual 
signalling to rtpengine in the logs produced by rtpengine (especially with 
debug logging enabled). It's also possible that the signalling direction is 
reversed for example.

BTW we have a mailing list dedicated to rtpengine questions: 
https://rtpengine.com/mailing-list

Cheers
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Rhys Hanrahan]

OK, I know this might be better served on the rtpengine list but just wanted to 
quickly post a debug log incase you get a chance to take a look overnight (my 
night hehe). https://pastebin.com/iHRQSTuD

Thanks!
Rhys.

From: sr-users  on behalf of Rhys Hanrahan 

Reply to: "Kamailio (SER) - Users Mailing List" 
Date: Friday, 4 March 2022 at 1:29 am
To: "Kamailio (SER) - Users Mailing List" 
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

Awesome, thank you for this. I did take a look at the rtpengine logs earlier 
but they didn’t seem particularly useful at the time. I will have to take a 
look tomorrow at how to enable debug logs, and will likely post on the 
rtpengine list for further advice, so thanks for pointing that out.

Thanks,
Rhys.

From: sr-users  on behalf of Richard Fuchs 

Organisation: Sipwise GmbH
Reply to: "Kamailio (SER) - Users Mailing List" 
Date: Friday, 4 March 2022 at 1:17 am
To: "sr-users@lists.kamailio.org" 
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

On 03/03/2022 08.47, [EXT] Rhys Hanrahan wrote:
Hi Richard,

Yes, from what I’ve seen in the logs there are multiple branches happening. One 
between Teams and Kamailio and one between Kamailio and Asterisk.

In terms of the rtpengine processing, I’ve tried lots of different variations, 
but right now I’ve got:

  1.  Rtpengine_manage() by itself for new branches and replies (MANAGE_BRANCH, 
MANAGE_REPLY)
  2.  Rtpengine_manage(“RTP/AVP”) or rtpengine_manage(“RTP/SAVP”) essentially 
in request_route for the initial invites to/from Teams
  3.  I do also have the stock NATMANAGE using rtpengine but there’s no NAT 
involved here so I don’t think it applies.

So as far as I can tell, I shouldn’t be calling rtpengine_manage multiple 
times. Is this bad to do? I did have previous configs where I was doing this. 
E.g. during RELAY I would call it with general options and then just modify AVP 
or SAVP in another section.

Interestingly, I noticed that a new branch is created just as I answer the 
call, and this is when it fails, so perhaps the issue is with how I’m handling 
new branches then? Below is a bit of a log to try and summarise what’s 
happening. Unfortunately it’s not logging the MS Teams side of the call except 
for the initial invite.

What usually happens (and this is a common mistake that can be confirmed by 
looking at the logs produced by rtpengine) is that rtpengine is invoked 
multiple times for the same invite (once in each branch) with different 
options, but without telling rtpengine that these are branches. From 
rtpengine's POV these invites are all in the same branch then, and the options 
used in a later invocation are simply overriding the options used in previous 
invocations. So when the last invocation was using plain RTP and then the reply 
is using SRTP belonging to a different invocations, then rtpengine would not 
know about the SRTP attributes any more.

But without detailed logs this is just a speculation. You can see the actual 
signalling to rtpengine in the logs produced by rtpengine (especially with 
debug logging enabled). It's also possible that the signalling direction is 
reversed for example.

BTW we have a mailing list dedicated to rtpengine questions: 
https://rtpengine.com/mailing-list

Cheers
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Ovidiu Sas]

Are you sure that you have multiple branches?
You mentioned that you have kamailio in between asterisk and MS. In
this case, usually this is a simple call with one branch.
You have multiple branches if you fork the call (parallel forking:
sending to multiple destinations when the initial invite is received
or serial forking: re-routing the call to a new destination when
negative replies are received).

-ovidiu


On Thu, Mar 3, 2022 at 8:50 AM Rhys Hanrahan  wrote:
>
> Hi Richard,
>
>
>
> Yes, from what I’ve seen in the logs there are multiple branches happening. 
> One between Teams and Kamailio and one between Kamailio and Asterisk.
>
>
>
> In terms of the rtpengine processing, I’ve tried lots of different 
> variations, but right now I’ve got:
>
> Rtpengine_manage() by itself for new branches and replies (MANAGE_BRANCH, 
> MANAGE_REPLY)
> Rtpengine_manage(“RTP/AVP”) or rtpengine_manage(“RTP/SAVP”) essentially in 
> request_route for the initial invites to/from Teams
> I do also have the stock NATMANAGE using rtpengine but there’s no NAT 
> involved here so I don’t think it applies.
>
>
>
> So as far as I can tell, I shouldn’t be calling rtpengine_manage multiple 
> times. Is this bad to do? I did have previous configs where I was doing this. 
> E.g. during RELAY I would call it with general options and then just modify 
> AVP or SAVP in another section.
>
>
>
> Interestingly, I noticed that a new branch is created just as I answer the 
> call, and this is when it fails, so perhaps the issue is with how I’m 
> handling new branches then? Below is a bit of a log to try and summarise 
> what’s happening. Unfortunately it’s not logging the MS Teams side of the 
> call except for the initial invite.
>
>
>
> I will work on getting you a sip dump as it’s probably the easiest way to 
> properly see what’s going on. Thanks!
>
>
>
> root@sbc5-syd-01:/etc/kamailio# tail -f /var/log/syslog | grep RTPEngine
>
> Mar  4 00:39:38 sbc5-syd-01 kamailio[9240]: 44(9311) ERROR: {1 1 INVITE 
> 5b76dfb297c455358bb0ec0dac3c1af7} 

Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

[Rhys Hanrahan]

Thanks guys! I was definitely just going off the default logging calls saying 
“new branch to xxx” in MANAGE_BRANCH. I am not intentionally creating separate 
branches in my config, so I guess it must be 1 branch! Good to know. Branches 
is another topic I still need to learn a lot more about.

Hopefully I can come up with the right config. I will keep working on it and 
let you know how I go.

Thanks,
Rhys.

From: sr-users  on behalf of Matthias 
Urlichs 
Reply to: "Kamailio (SER) - Users Mailing List" 
Date: Friday, 4 March 2022 at 2:01 am
To: "sr-users@lists.kamailio.org" 
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

On 03.03.22 14:47, Rhys Hanrahan wrote:
Yes, from what I’ve seen in the logs there are multiple branches happening. One 
between Teams and Kamailio and one between Kamailio and Asterisk.

That's just one branch; the incoming call doesn't count. "Real" additional 
branches are created by calling functions like "append_branch".

You should definitely ensure (by adding appropriate logging calls) that 
"rtpengine_manage" is called exactly once per outgoing application/sdp message, 
with all requisite arguments(*). Anything else is a recipe for confusion. In my 
experience that's sufficient(**) to get it all working quite nicely.

(*) "trust-address replace-origin replace-session-connection", plus either 
RTP/AVP or RTP/SAVP

(**) unless the opposite end is broken. Right now, for instance, talking to 
Zoom Europe requires a heap of "SDES-no-RANDOM_CRYPTO_ALGORITHM" arguments, for 
both incoming and outgoing calls. Discovering that fix was decidedly nontrivial.

--

-- regards

--

-- Matthias Urlichs
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] simple GUI for Kamailio as a SBC - could be paid

[Seven Du]

We have some GUI for FreeSWITCH, written in Lua in FreeSWITCH and React JS
in browser. All configs in PostgreSQL database.

We recently added some Kamailio configs, like for dispatcher and dialplan
modules,  and ported the Lua scripts for CURD to OpenResty (Nginx + Lua).
We also tried to port to Kamailio since Kamilio can also interpret Lua, the
main stuff works but is far from completion.

We also logged any changes to any resource like routing etc..

What we try to do is to build a small system that is simple and doesn't
have 100 dependencies.

But, small systems cannot make money unless you can sell 1+ copies. :)

Let me know if anyone would like to try it, we are not yet ready to release
it but maybe soon if it can get more attention.


On Thu, Mar 3, 2022 at 8:48 PM David Villasmil <
david.villasmil.w...@gmail.com> wrote:

> What you’re asking is no small thing, I don’t know of a GUI like that.
>
> Maybe someone else does.
>
> ACL via text files is not a problem, look at permissions module
>
> On Thu, 3 Mar 2022 at 11:37, Krzysztof Drewicz 
> wrote:
>
>> czw., 3 mar 2022 o 12:10 David Villasmil
>>  napisał(a):
>> >
>> > How do you mean “too much”? Maybe instead of asking such a general
>> question, ask what you’re specifically looking for? Because it’s obviously
>> not a general-use GUI (which is what siremis is, and not old 5.3, anything
>> new you can also collaborate)
>>
>>
>> What do I need:
>> have a team 6+ admins, give them access to make new trunks, change
>> registrations or ACLs , but log changes,  put a version number to any
>> configuration, rollback/commit this config.
>> be able still to write cfg files if necessary.
>> use gui not a text editor and ssh + cfg file, dont use a 'sql' and
>> 'insert/update' but do it with a any gui tool.
>>
>> if there is no ready solution, well - ACLs in txt files and ssh work
>> for me, but i simply hoped for something small that would do the trick
>>
>> this is not some wholesale and 1+ accounts, like 10-50 sip-t,
>> maybe 10 with ACL based on IP, 40 registration etc.
>>
>> could be paid system, by license or support, must be installed on-prem
>> on our kamailio not somewhere in the cloud.
>>
>> kd,
>>
>> __
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users@lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.w...@gmail.com
> phone: +34669448337
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>


-- 
About: http://about.me/dujinfang
Blog: http://www.dujinfang.com
Other:  http://rts.cn
__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Dialog module errors with dmq

[Olli Attila]

Hello,

I have two Kamailio nodes. Couple of days of ago I enabled dmq to
replicate dialogs between these two Kamailio nodes. Now that the dmq
is enabled, we are seeing lot of warning and notice messages on
kamailio logs related to the dialog module. Is there something I have
missed when configuring dlg_manage & dmq replication that might cause
this? No calls have been affected negatively by this though.

Kamailio 1 node prints lot of this:
Mar  4 08:20:25 /usr/sbin/kamailio[14316]: WARNING: dialog
[dlg_handlers.c:1328]: dlg_onroute(): unable to find dialog for ACK
with route param 'a5d.ebf1' [3418:8126] and call-id
'SDiu98001-dd9c12fea650b9d1408dd672a2c51c9f-v300g00020'
Mar  4 08:20:28 /usr/sbin/kamailio[14313]: WARNING: dialog
[dlg_handlers.c:1328]: dlg_onroute(): unable to find dialog for BYE
with route param 'a5d.ebf1' [3418:8126] and call-id
'SDiu98001-dd9c12fea650b9d1408dd672a2c51c9f-v300g00020'
Mar  4 08:21:56 /usr/sbin/kamailio[14315]: WARNING: dialog
[dlg_handlers.c:1328]: dlg_onroute(): unable to find dialog for ACK
with route param '689.f2f1' [2438:7983] and call-id
'SD8o63c01-47972a87ee1fd8791ddf27b650badcba-v300g00010'

Kamailio 2 node prints lot of this:
Mar  4 08:20:29 /usr/sbin/kamailio[8005]: NOTICE: dialog
[dlg_hash.c:242]: dlg_clean_run(): dialog in early state is too old
(0x7fe07b84e980 ref 1)
Mar  4 08:20:29 /usr/sbin/kamailio[8005]: NOTICE: dialog
[dlg_hash.c:242]: dlg_clean_run(): dialog in early state is too old
(0x7fe07bb03360 ref 1)
Mar  4 08:21:59 /usr/sbin/kamailio[8005]: NOTICE: dialog
[dlg_hash.c:242]: dlg_clean_run(): dialog in early state is too old
(0x7fe07b528300 ref 1)


(Version: kamailio 5.5.3 (x86_64/linux) 473cef on both kamailio nodes)

[root@kamailio-1]# kamcmd dmq.list_nodes
{
host: 172.19.194.140
port: 5060
proto: *
resolved_ip: 172.19.194.140
status: active
last_notification: 0
local: 0
}
{
host: 172.19.194.132
port: 5060
proto: *
resolved_ip: 172.19.194.132
status: active
last_notification: 0
local: 1
}

[root@kamailio-2]# kamcmd dmq.list_nodes
{
host: 172.19.194.132
port: 5060
proto: *
resolved_ip: 172.19.194.132
status: active
last_notification: 0
local: 0
}
{
host: 172.19.194.140
port: 5060
proto: *
resolved_ip: 172.19.194.140
status: active
last_notification: 0
local: 1
}


### On Kamailio 1: ###
#!define DMQ_LOCAL_ADDR "sip:172.19.194.132:5060"
#!define DMQ_PEER_ADDR "sip:172.19.194.140:5060"
### On Kamailio 2: ###
#!define DMQ_LOCAL_ADDR "sip:172.19.194.140:5060"
#!define DMQ_PEER_ADDR "sip:172.19.194.132:5060"

### On Kamailio 1 & 2:###
modparam("dmq", "server_address", DMQ_LOCAL_ADDR)
modparam("dmq", "notification_address", DMQ_PEER_ADDR)
modparam("dialog", "profiles_with_value", "total_dialogs")
modparam("dialog", "enable_dmq", 1)

route[INITIAL] {
...located at the bottom of the initial route...
if(is_method("INVITE") && !has_totag()) {
dlg_manage();
}
}



Cheers,
Olli

__
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users