[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread Benoit Panizzon via sr-users
Hi

The INVITE would also be interesting.

Does the Contact: Header in the invite contain the transport=tls
attribute?

Shouldn't the 200 OK reply contain at least one Record-Route (the lowest
one) stating transport=tls?

PS: I was facing a similar issue with a commercial SBC which, when
TLS/TCP is not licensed, has the oddity of removing the transport
attribute from the Contact header and sending new transactions in the same
dialog without specifying transport (defaulting to UDP). So I had to
copy the value of the transport header to a custom t=
contact attribute, which I then use to restore the U-URI transport
attribute towards the registrar handling the CPE connection.

> 200 OK from carrier
> SIP/2.0 200 OK
> Via:  SIP/2.0/TLS 
> KAM_PUB_IP:5061;branch=z9hG4bK18ff.3d856b8b0b007414ab2dec09cbabd574.0;i=a2
> Via:  SIP/2.0/TLS 
> FS_PUB_IP:5061;received=FS_PUB_IP;rport=56403;branch=z9hG4bKKaee61yyZ98De
> From:  "+14388006102" ;tag=XjQ5g4Ze5UaZp
> To:  ;tag=gK04d33797
> Call-ID: b99c2b65-a827-123d-1984-4201c0a80193
> CSeq:  84807919 INVITE
> Record-Route:  
> 
> Accept:  application/sdp, application/isup, application/dtmf, 
> application/dtmf-relay, multipart/mixed
> Contact:  
> Allow:  
> INVITE,ACK,CANCEL,BYE,REGISTER,INFO,SUBSCRIBE,NOTIFY,PRACK,UPDATE,OPTIONS,MESSAGE,PUBLISH
> Require:  timer
> Supported:  timer
> Session-Expires:  1800;refresher=uac
> Content-Length:324
> Content-Disposition:  session; handling=required
> Content-Type:  application/sdp
> 
> v=0
> o=Sonus_UAC 913845 351585 IN IP4 CARRIER_PUB_IP
> s=SIP Media Capabilities
> c=IN IP4 206.146.100.22
> t=0 0
> m=audio 33168 RTP/SAVP 0 101
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 
> inline:LfSgFSVqhXNWMSziOtwpEeYmNu0/kGiyuMVS8VXy
> a=rtpmap:0 PCMU/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=sendrecv
> a=ptime:20
> 
> 
> ACK Kam is sending
> 
> ACK sip:933@CARRIER_PUB_IP:5061 SIP/2.0
> Via:  SIP/2.0/UDP 
> KAM_PUB_IP:5060;branch=z9hG4bK18ff.f8c56ea9cad44dc10408188224b923cf.0;i=a2
> Via:  SIP/2.0/TLS 
> FS_PUB_IP:5061;received=FS_PUB_IP;rport=56403;branch=z9hG4bKmK767vF2vjZ0S
> Max-Forwards:  69
> From:  "+14388006102" ;tag=XjQ5g4Ze5UaZp
> To:  ;tag=gK04d33797
> Call-ID: b99c2b65-a827-123d-1984-4201c0a80193
> CSeq:  84807919 ACK
> Contact:  
> Content-Length:  0
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the 
> sender!
> Edit mailing list options or unsubscribe:
> 




Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G - Head of Commerce Customers

Zurlindenstrasse 29    Tel  +41 61 826 93 00
CH-4133 Pratteln       Fax  +41 61 826 93 01
Switzerland            Web  http://www.imp.ch


[SR-Users] Re: Possibility to print values of Core Keywords in Kamailio configuration file

2024-06-20 Thread sadik.oualla.mohamed--- via sr-users
Hello Victor,

I am impressed by how useful and helpful this module is. Thank you very much, I 
have tried it. It is very important to check the status of variables before and 
after a given route, as well as the SIP_IN and SIP_OUT messages.

I have configured the mask parameter with a value of 32. However, I still 
haven't received the core keyword values.

Thank you again, I really needed to know about this module.

Mohamed.


[SR-Users] Re: Possibility to print values of Core Keywords in Kamailio configuration file

2024-06-20 Thread sadik.oualla.mohamed--- via sr-users
Yes, the pv module has many useful pseudovariables, and many of the core 
keywords can be accessed through pv.

However, I am facing an issue with the source port of the SIP message. When I 
use $sp, it shows the source port of the transport layer, not the SIP 
application layer.

I want to explore other keywords to find the exact SIP application layer source 
port.

Regards,
Mohamed.


[SR-Users] Re: Possibility to print values of Core Keywords in Kamailio configuration file

2024-06-20 Thread Henning Westerholt via sr-users
Hello,

are you saying you are getting a different result when using:

- src_port, vs.
- $sp

If not, please give more details what you are interested in.

Cheers,

Henning



[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
Originating invite towards carrier.  Yes, the contact includes the 
transport=tls.

INVITE sip:933@CARRIER_PUB_IP:5061;transport=tls SIP/2.0
Record-Route:  

Via:  SIP/2.0/TLS 
KAM_PUB_IP:5061;branch=z9hG4bK317b.e2cd4e0e036cc3a13f6bb1a86e1db84e.0;i=f1
Via:  SIP/2.0/TLS 
FS_PUB_IP:5061;received=FS_PUB_IP;rport=39577;branch=z9hG4bKF0jKaBSBpQtXF
Max-Forwards:  69
From:  "2029200292" ;tag=09c1cZr21c5HF
To:  
Call-ID: 8460387e-a536-123d-1984-4201c0a80193
CSeq:  84646169 INVITE
Contact:  
User-Agent:  FreeSWITCH-mod_sofia/1.10.7-release-19-883d2cb662~64bit
Allow:  INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, 
REFER, NOTIFY
Supported:  timer, path, replaces
Allow-Events:  talk, hold, conference, refer
Privacy:  none
Content-Type:  application/sdp
Content-Disposition:  session
Content-Length:  753
X-FS-Support:  update_display,send_info
P-Asserted-Identity:  "2029200292" 
P-Hint:  outbound

v=0
o=FreeSWITCH 1718380362 1718380363 IN IP4 KAM_PUB_IP
s=FreeSWITCH
c=IN IP4 KAM_PUB_IP
t=0 0
a=rtpengine:94805c0d8314
m=audio 11080 RTP/SAVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=rtcp:11081
a=rtcp-mux
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:9Qjov4TJ7gCTZ1QXBcvg5zwRmNE5d1A6OEfmY7Lz
a=crypto:2 AES_CM_128_HMAC_SHA1_32 
inline:ue9JN4KAuPD9xsJwC1HzQflx67IY8+dOpnYszoyJ
a=crypto:3 F8_128_HMAC_SHA1_80 inline:04FfXKIKe9NlS6JaQjiCqEGGs7pJs7yPINkwxU+p
a=crypto:4 F8_128_HMAC_SHA1_32 inline:RJJdhXJ7iP+l7ssqqbWxZmZN3kU09VDZe9Vp+0dt
a=setup:actpass
a=fingerprint:sha-256 
E6:F5:49:C1:2A:33:E2:F5:22:7E:7D:E0:EA:3D:77:0C:45:50:B8:8F:20:4D:C4:BA:8F:5F:3D:57:F5:94:B4:8F
a=ptime:20


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread Benoit Panizzon via sr-users
Hi

> Originating invite towards carrier.  Yes, the contact includes the 
> transport=tls.

I think I'm missing something.

Which message is not correctly routed?

The 200 OK reply to an INVITE which was initiated via transport tls? Or
messages in a new transaction of that call, possibly from the B to A
side?

Kind regards

-Benoît Panizzon-


[SR-Users] Re: Possibility to print values of Core Keywords in Kamailio configuration file

2024-06-20 Thread sadik.oualla.mohamed--- via sr-users
Hello Henning,

Thank you for your reply.

I am using sipsak for testing purposes and to learn more about Kamailio; I was 
using SIPp fine before. My goal is to identify the source port from the User 
Agent Client (UAC). Here is the command I use in sipsak to send an OPTIONS ping 
request:
```
sipsak -s sip:proxy_server@33.33.33.4:5060 -l 5060
```
with the -l flag to identify the source port.

In my Kamailio configuration file, I perform a basic check like this:
```
# Reject any request whose source port is neither 5040 nor 5060
if ($sp != 5040 && $sp != 5060) {
    sl_send_reply(403, "Forbidden");
    xlog("this $rm received, is forbidden\n");
    exit;
}
```
When my Kamailio server receives the OPTIONS request from sipsak, it sends a 
403 error response.
Using sngrep, I observed the following:
```
SIP From= sipsak@33.33.33.99:5060 
SIP To= proxy_server@33.33.33.4:5060
Source: 33.33.33.99:36593
Destination: 33.33.33.4:5060
```

However, the source port appears to be random (36593 in this case) rather than 
the expected 5060. This leads me to believe that Kamailio checks the source 
port from the transport layer (I am not certain about this). The $sp value in 
this case is 36593, not 5060.

I tried several ways to force sipsak to send the packet from port 5060, but I 
couldn't achieve this. While sipsak correctly sets the port number 5060 in the 
From and Via headers, it seems to use a random source port at the transport 
layer.

Cheers,
Mohamed.
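
An added illustration of the difference observed above (not code from the original post), using loopback UDP sockets in Python: the source port a receiver sees, which is the value the post saw in $sp, comes from the sending socket, while the port in Via and From is only text the client wrote. The 127.0.0.1 addresses and all helper names are assumptions of the example.

```python
import re
import socket

ALLOWED_PORTS = {5040, 5060}  # the two ports the cfg check above accepts


def build_options(advertised_port):
    """Constructed OPTIONS request that names advertised_port in Via and From."""
    return (
        "OPTIONS sip:proxy_server@127.0.0.1 SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP 127.0.0.1:{advertised_port};branch=z9hG4bKdemo1\r\n"
        f"From: <sip:sipsak@127.0.0.1:{advertised_port}>;tag=demo\r\n"
        "To: <sip:proxy_server@127.0.0.1>\r\n"
        "Call-ID: demo-1@127.0.0.1\r\n"
        "CSeq: 1 OPTIONS\r\n"
        "Max-Forwards: 70\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode()


def via_sent_by_port(datagram):
    """Port the sender wrote into its top Via header (5060 when omitted)."""
    m = re.search(rb"^Via:\s*SIP/2\.0/\w+\s+[^\s;:]+(?::(\d+))?",
                  datagram, re.I | re.M)
    if m is None:
        raise ValueError("no Via header")
    return int(m.group(1)) if m.group(1) else 5060


def observe(bind_first):
    """Send one OPTIONS over loopback UDP.

    Returns (transport source port seen by the receiver, port claimed in Via).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind(("127.0.0.1", 0))
        server.settimeout(2.0)
        if bind_first:
            # The client binds its socket and advertises the port it owns.
            client.bind(("127.0.0.1", 0))
            advertised = client.getsockname()[1]
        else:
            # The client only writes 5060 into the headers; the kernel picks
            # the real source port when the datagram is sent.
            advertised = 5060
        client.sendto(build_options(advertised), server.getsockname())
        data, (_src_ip, src_port) = server.recvfrom(4096)
        return src_port, via_sent_by_port(data)


def source_port_allowed(src_port):
    """Same decision as the cfg snippet: the source port must be 5040 or 5060."""
    return src_port in ALLOWED_PORTS


if __name__ == "__main__":
    for bound in (False, True):
        src, via = observe(bound)
        print(f"bound={bound} transport_src={src} via_port={via} "
              f"allowed={source_port_allowed(src)}")
```

The Via and From ports are chosen by the sender, so they show what a client claims rather than where the packet came from.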


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
FS-->Kam-->Carrier

Invite to carrier is good, sent over tls and so the reply from the carrier, the 
200 ok.  The ACK is sent via UDP and so is the Bye, which I didn't include.


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread Benoit Panizzon via sr-users
On Thu, 20 Jun 2024 14:14:11 -,
smartin114--- via sr-users wrote:

> Invite to carrier is good, sent over tls and so the reply from the carrier, 
> the 200 ok.  The ACK is sent via UDP and so is the Bye, which I didn't 
> include.

I fear I need more information and a complete example to see what might
be going wrong.

INVITE: FS => TLS => Kamailio => UDP => Carrier
some more messages
200 OK: Carrier => UDP => Kamailio => TLS => FS
and the ACK to the 200 OK, they are all fine?

So the problem is the BYE, when sent in which direction? From the Carrier?

I assume this is the case.

Basically you need to look at the INVITE from the FS.

Does the Contact: header contain a transport=tls attribute? (According
to your example, it does)

So this information needs to be stored on the Carrier side (or whatever
B2BUA on the Carrier side handles the call) and when the carrier issues
a BYE the R-URI of that BYE needs to contain transport=tls, as this is
the information the last hop towards the FS side will be using when
all Route: headers have been consumed.

If this is NOT the case and transport=tls is missing in the BYE R-URI,
then IMHO the SIP implementation on the Carrier's side is 'broken'; you
face the same issue I have had. :-)

If you are able to put other attributes in the INVITE Contact header,
and they are sent back in the BYE from the Carrier, then you can copy the
transport value to a custom contact attribute (I use t=) and restore the
transport attribute on the R-URI from that.

Kind regards

-Benoît Panizzon-


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
everything from FS to Kam shows TLS and good.  It's just the leg between Kam 
and the carrier.  The invite goes from Kam to the carrier (the one I pasted 
above), the carrier 200ok's it, also good, then Kam sends the ACK over UDP, so 
the carrier never actually sees it - because they aren't listening on 5060 for 
this connection and the carrier retransmits the 200 until the call terminates.  
When Kam initiates the Bye, it is also over UDP.  When Kam responds to the 
carrier Bye that eventually comes, it sends that over TLS.


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
I was trying to add an attachment of the call flow, but I don't see that I can?


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
it is already in the thread.

200 OK from carrier
SIP/2.0 200 OK
Via:  SIP/2.0/TLS
KAM_PUB_IP:5061;branch=z9hG4bK18ff.3d856b8b0b007414ab2dec09cbabd574.0;i=a2
Via:  SIP/2.0/TLS
FS_PUB_IP:5061;received=FS_PUB_IP;rport=56403;branch=z9hG4bKKaee61yyZ98De
From:  "+14388006102" ;tag=XjQ5g4Ze5UaZp
To:  ;tag=gK04d33797
Call-ID: b99c2b65-a827-123d-1984-4201c0a80193
CSeq:  84807919 INVITE
Record-Route: 

Accept:  application/sdp, application/isup, application/dtmf, 
application/dtmf-relay,
multipart/mixed
Contact:  
Allow: 
INVITE,ACK,CANCEL,BYE,REGISTER,INFO,SUBSCRIBE,NOTIFY,PRACK,UPDATE,OPTIONS,MESSAGE,PUBLISH
Require:  timer
Supported:  timer
Session-Expires:  1800;refresher=uac
Content-Length:324
Content-Disposition:  session; handling=required
Content-Type:  application/sdp

v=0
o=Sonus_UAC 913845 351585 IN IP4 CARRIER_PUB_IP
s=SIP Media Capabilities
c=IN IP4 CARRIER_PUB_IP
t=0 0
m=audio 33168 RTP/SAVP 0 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:LfSgFSVqhXNWMSziOtwpEeYmNu0/kGiyuMVS8VXy
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread David Villasmil via sr-users
can you show the 200 OK?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337


On Thu, Jun 20, 2024 at 5:43 PM smartin114--- via sr-users <
sr-users@lists.kamailio.org> wrote:

> I was trying to add an attachment of the call flow, but I don't see that I
> can?


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread David Villasmil via sr-users
You trying to add the XML to the sdp?
Are you manipulating something somewhere? It is very strange indeed... have
you tried force_socket?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337


On Thu, Jun 20, 2024 at 7:06 PM smartin114--- via sr-users <
sr-users@lists.kamailio.org> wrote:

> it is already in the thread.


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
I haven't tried force_socket.  Where would that be added?  

No manipulating.  I was stripping off some of the crypto suites, but that is 
about it.


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
and no, not adding XML to the SDP.


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread David Villasmil via sr-users
you'd need to mark the reply and before forwarding it, force_socket it to
your tls socket
You do have a TLS socket, right?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337


On Thu, Jun 20, 2024 at 7:31 PM smartin114--- via sr-users <
sr-users@lists.kamailio.org> wrote:

> and no, not adding XML to the SDP.


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread smartin114--- via sr-users
Yes, there is a tls socket defined.  I assume since the invite goes out TLS and 
all the cert stuff works, there is a tls socket as well.


[SR-Users] SecSIPID Assistance

2024-06-20 Thread Blake Ivey via sr-users
Hi everyone. Wanting to see if someone could point me in the right
direction. Still very new to Kamailio but I am beginning to understand it
better. I'm making an outbound proxy and have everything working well
besides stir/shaken. I'm looking at the module page and have gone back and
forth with chatGPT and can't seem to figure this part out. I keep getting
errors on the modparam lines.

Obviously this is a self signed cert because I'm just testing. I am able to
reach and download the cert from the Web server.

Thank you for any assistance.

```
# SECSIPID for Stir/Shaken
modparam("secsipid", "private_key", "/etc/kamailio/secsipid/private.key")
modparam("secsipid", "certificate", "/etc/kamailio/secsipid/cert.crt")
modparam("secsipid", "authority_cert", "/etc/kamailio/secsipid/ca.crt")
modparam("secsipid", "expire", 600)
modparam("secsipid", "timeout", 2)

route[STIRSHAKEN] {
    if (is_method("INVITE")) {
        if (!secsipid_add_identity("$fU", "$rU", "A", "",
                "http://myIPaddress.com/stir_shaken_cert.crt",
                "/etc/kamailio/secsipid/private.key")) {
            xlog("L_ERR", "Failed to sign call with ID: $ci - From: $fU\n");
            send_reply("500", "Internal Server Error");
            exit;
        } else {
            xlog("L_INFO", "Successfully signed call with ID: $ci - From: $fU\n");
        }
    }

    # Relay the call after signing
    route(RELAY);
}
```


[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread Ben Kaufman via sr-users
What is the error you're getting?

Regards,
Kaufman




[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread Blake Ivey via sr-users
Sorry for the formatting:

ERROR:  [core/modparam.c:185]: set_mod_param_regex(): parameter
 of type <1:string> not found in module 
kamailio: CRITICAL:  [core/cfg.y:4011]: yyerror_at(): parse error in
config file /etc/kamailio/kamailio.cfg, line 71, column 73: Can't set
module parameter
kamailio: CRITICAL:  [core/cfg.y:4011]: yyerror_at(): parse error in
config file /etc/kamailio/kamailio.cfg, line 71, column 70: Can't set
module parameter
kamailio: ERROR:  [core/modparam.c:185]: set_mod_param_regex():
parameter  of type <1:string> not found in module 



[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread Ben Kaufman via sr-users
Except for `expire` and `timeout`, those parameters don't exist for secsipid, 
at least according to the module documentation: 
https://kamailio.org/docs/modules/stable/modules/secsipid

Regards,
Kaufman



[SR-Users] TLS: client doesn't check certificate CN

2024-06-20 Thread Marat Gareev via sr-users
Hello,

I noticed that Kamailio can route to either an IP or an FQDN.
This means the server certificate CN is not checked by the client.

How to enable something like the 'verify_peer' option?

Thanks


[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread Blake Ivey via sr-users
Hmm you are correct. I took it out and it started fine. So what exactly
would I need for our outbound stirshaken?

Just secsipid_add_identity?

I guess I've been looking at this for too long today. Just lines and lines
after a while.

On Thu, Jun 20, 2024, 4:47 PM Ben Kaufman  wrote:

> Except for `expire` and `timeout`, those parameters don’t exist for
> secsipid - at least according to the module documentation:
> https://kamailio.org/docs/modules/stable/modules/secsipid
>
>
>
> Regards,
>
> Kaufman
>
>
>
> *From:* Blake Ivey 
> *Sent:* Thursday, June 20, 2024 3:39 PM
> *To:* Ben Kaufman 
> *Cc:* sr-users@lists.kamailio.org
> *Subject:* Re: [SR-Users] SecSIPID Assistance
>
> Sorry for the formatting:
>
> ERROR:  [core/modparam.c:185]: set_mod_param_regex(): parameter
>  of type <1:string> not found in module 
> kamailio: CRITICAL:  [core/cfg.y:4011]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 71, column 73: Can't set
> module parameter
> kamailio: CRITICAL:  [core/cfg.y:4011]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 71, column 70: Can't set
> module parameter
> kamailio: ERROR:  [core/modparam.c:185]: set_mod_param_regex():
> parameter  of type <1:string> not found in module 
>
>
>
> On Thu, Jun 20, 2024, 4:31 PM Ben Kaufman  wrote:
>
> What is the error you’re getting?
>
>
>
> Regards,
>
> Kaufman
>


[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread David Villasmil via sr-users
check
https://github.com/davidcsi/kamailio-private-public/blob/master/kamailio-tls-to-udp-with-sips-scheme.cfg
that might give you some ideas

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337




[SR-Users] Re: replies using the wrong protocol

2024-06-20 Thread David Villasmil via sr-users
Is there a UDP socket as well? Are you translating TLS<->UDP?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337


On Thu, Jun 20, 2024 at 10:48 PM smartin114--- via sr-users <
sr-users@lists.kamailio.org> wrote:

> Yes, there is a tls socket defined.  I assume since the invite goes out
> TLS and all the cert stuff works, there is a tls socket as well.


[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread David Villasmil via sr-users
This is what I do (I have a redirect server receive the INVITEs to be
signed, I add the header and then do 302, the initiating server then adds it
to the INVITE and sends the INVITE out):

if ($rm=="INVITE") {
    $var(rc) = secsipid_add_identity("$(var(from){s.numeric})",
        "$(var(to){s.numeric})", "A", "",
        "https://pki.domain.com/stir-shaken-cert.pem",
        "/etc/kamailio/ec256-private.pem");

    if ( $var(rc) > 0 ) {
        msg_apply_changes();
    } else {
        update_stat("stirshaken_create_identity_failed","+1");
        send_reply("503", "Service Unavailable - can not create Identity header");
        exit;
    }

    append_to_reply("Identity: $hdr(Identity)\r\n");
}
sl_send_reply("302", "Redirect");
exit;


hope that helps

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com




[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread Blake Ivey via sr-users
Thanks for the replies. I think I am understanding it better now. My issue
now is I am getting this error:

ERROR: {1 84911190 INVITE 9eea2bb8-aa08-123d-c0b5-5a8b7787aa29} secsipid
[secsipid_mod.c:444]: ki_secsipid_add_identity_mode(): failed to get
identity header body (-451)

-451 = SJWTRetErrFileRead, which I assume is either the certificate or the
private key. I am able to download the certificate using the URL so I guess
the key? I have permissions on the key as 600 (-rw-------) and the
user:group for it is kamailio.

It's still self-signed but I generated it with the TNAuthList, etc. like a
production certificate. I have stir/shaken working on a production machine
but it uses libstirshaken and not secsipid.

Output of cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:a4:66:b0:ec:7b:3a:f2:e8:e4:fd:0d:f4:cc:56:f2:2c:0b:32:4d
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, ST = ME, L = New York, O = Bobs Phone Company, CN = sip-test.mydomain.net
        Validity
            Not Before: Jun 21 00:03:27 2024 GMT
            Not After : Sep 24 00:03:27 2026 GMT
        Subject: C = US, ST = VA, L = Somewhere, O = "AcmeTelecom, Inc.", OU = VOIP, CN = SHAKEN
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b8:3f:ac:45:14:65:05:1f:df:bd:f4:3c:e5:39:
                    33:66:c4:06:59:90:8a:05:be:76:c2:55:49:48:95:
                    62:3d:7f:25:20:77:d2:fa:4d:60:eb:d8:72:d9:a8:
                    a1:40:e0:51:ad:aa:d0:d3:4b:f1:03:4c:42:b6:d5:
                    01:0c:fb:48:b0
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            1.3.6.1.5.5.7.1.26:
                0.1001
            X509v3 Subject Key Identifier:
                9C:54:1E:90:7E:5D:58:F3:52:81:2F:E0:13:D6:2D:C2:FE:AE:A9:FB
            X509v3 Authority Key Identifier:
                84:95:50:31:A8:E6:FE:EC:76:C6:C5:1C:EB:79:E5:AC:A8:54:CD:1C
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:46:02:21:00:b0:24:88:8e:cf:27:88:d0:d2:9c:c5:6b:2b:
        d3:c0:88:b1:2f:a6:da:fe:5b:fe:c8:41:f6:02:34:e1:99:eb:
        69:02:21:00:9d:63:32:bc:0f:10:24:80:67:e3:c6:84:84:6d:
        c5:1a:d1:03:2b:19:34:34:34:51:a5:b6:64:9b:9f:db:eb:cb


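A preflight check for the -451 (SJWTRetErrFileRead) failure reported in the message above, as an added example that is not part of any poster's message or of the Kamailio project. It extracts the key path from each secsipid_add_identity() call in a config file, checks that the file exists, is non-empty and is readable, and suggests a sibling file whose name differs only in '-' versus '_'. The function names are hypothetical, and it assumes the key path is the last argument of the call and a quoted absolute path, as in the configs posted in this thread.

```shell
#!/bin/sh
# Added example: preflight check for the key file read by
# secsipid_add_identity(). Function names are hypothetical.
# Assumption: the key path is the last argument of the call and is a quoted
# absolute path, as in the configs posted in this thread.

# Print the key path of every secsipid_add_identity() call in config file $1.
secsipid_key_paths() {
    sed 's/^[[:space:]]*#.*//' "$1" |   # drop comment lines
        tr '\n' ' ' |                   # re-join calls wrapped over lines
        sed 's/secsipid_add_identity(/\
&/g' |
        grep '^secsipid_add_identity(' |
        sed -n 's/^[^;]*"\(\/[^"]*\)"[[:space:]]*).*/\1/p'
}

# Check one key path; print a finding and return non-zero on any problem.
# Run as the kamailio user so that -r reflects the access Kamailio has.
check_key_file() {
    key=$1
    if [ ! -e "$key" ]; then
        echo "MISSING $key"
        # Suggest a sibling whose name differs only in '-' versus '_'.
        want=$(basename "$key" | tr '_' '-')
        for f in "$(dirname "$key")"/*; do
            [ -f "$f" ] || continue
            if [ "$(basename "$f" | tr '_' '-')" = "$want" ]; then
                echo "  did you mean $f ?"
            fi
        done
        return 1
    elif [ ! -f "$key" ] || [ ! -s "$key" ]; then
        echo "NOT_A_NONEMPTY_FILE $key"
        return 1
    elif [ ! -r "$key" ]; then
        echo "UNREADABLE $key"
        return 1
    fi
    echo "OK $key"
}

# Check every key path referenced by config file $1; non-zero if any fails.
check_secsipid_config() {
    rc=0
    paths=$(secsipid_key_paths "$1")
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        check_key_file "$p" || rc=1
    done <<EOF
$paths
EOF
    return $rc
}

# Stand-alone use: sh check.sh /etc/kamailio/kamailio.cfg
if [ $# -gt 0 ]; then
    check_secsipid_config "$1"
fi
```

Running it before a restart catches a path that does not resolve at config time, rather than on the first INVITE that needs signing.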

[SR-Users] Re: SecSIPID Assistance

2024-06-20 Thread Blake Ivey via sr-users
Disregard. It was my mistake. I had sp_key.pem in my kamailio config when
it was actually sp-key.pem. Doh. Took me way too long to see my mistake but
it is working now and adding the identity. Thanks for the help everyone!
