Re: [SR-Users] Setting up Kamailio as Teams SBC

2020-07-08 Thread Роман С .
It becomes stranger.
I've managed to put in a letsencrypt cert. No better. After that I started
sipdump. OK, pings to Microsoft were using local IP of Kamailio server.
Added a few "listen" directives to config to fix it.

Well, now dispatcher still shows bad status. Teams admin center also shows
inactive. But when someone makes a test call from Teams, I get the traffic!
Like this:



tag: rcv
pid: 81575
process: 30
time: 1594204711.307233
date: Wed Jul  8 13:38:31 2020
proto: tls ipv4
srcip: 52.114.148.0
srcport: 10176
dstip:
dstport: 5061

INVITE sip:+...@domain.com:5061;user=phone;transport=tls SIP/2.0
FROM: Sergey A. Smirnov;tag=3c0c73c49b334dad885ed8383d9bfd02
TO:
CSEQ: 1 INVITE
CALL-ID: f90cfaf1cc465256a58910806c85e7e3
MAX-FORWARDS: 70
VIA: SIP/2.0/TLS 52.114.148.0:5061;branch=z9hG4bK38865678
RECORD-ROUTE:
CONTACT:
CONTENT-LENGTH: 1133
MIN-SE: 300
SUPPORTED: timer
USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2020.7.1.9 i.USWE2.0
CONTENT-TYPE: application/sdp
ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY
SESSION-EXPIRES: 3600

v=0
o=- 247300 0 IN IP4 127.0.0.1
s=session
c=IN IP4 52.113.47.185
b=CT:1000
t=0 0
m=audio 51320 RTP/SAVP 104 117 9 103 111 18 0 8 97 101 13 118
c=IN IP4 52.113.47.185
a=rtcp:51321
a=ice-ufrag:V73X
a=ice-pwd:KGyenWsebt1f6QY6CiwAoQzA
a=rtcp-mux
a=candidate:1 1 UDP 2130706431 52.113.47.185 51320 typ srflx raddr 10.0.32.202 rport 51320
a=candidate:1 2 UDP 2130705918 52.113.47.185 51321 typ srflx raddr 10.0.32.202 rport 51321
a=candidate:2 1 tcp-act 2121006078 52.113.47.185 49152 typ srflx raddr 10.0.32.202 rport 49152
a=candidate:2 2 tcp-act 2121006078 52.113.47.185 49152 typ srflx raddr 10.0.32.202 rport 49152
a=label:main-audio
a=mid:1
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:vKSpeCodqNjmTXOlZUjJCgW1YXXGmmAzYg/RqziH|2^31
a=sendrecv
a=rtpmap:104 SILK/16000
a=rtpmap:117 G722/8000/2
a=rtpmap:9 G722/8000
a=rtpmap:103 SILK/8000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=ptime:20



tag: snd
pid: 81575
process: 30
time: 1594204711.311578
date: Wed Jul  8 13:38:31 2020
proto: tls ipv4
srcip:
srcport: 5061
dstip: 52.114.148.0
dstport: 5061

SIP/2.0 404 Not Found
FROM: Sergey A. Smirnov;tag=3c0c73c49b334dad885ed8383d9bfd02
TO: ;tag=e69338500f192915ee9e9b54c3e94a3c-e71d1853
CSEQ: 1 INVITE
CALL-ID: f90cfaf1cc465256a58910806c85e7e3
VIA: SIP/2.0/TLS 52.114.148.0:5061;branch=z9hG4bK38865678
Server: kamailio (5.3.5 (x86_64/linux))
Content-Length: 0

Well, I get that 404 is because I have no forward route to my PSTN. But
shouldn't I rely on dispatcher's output? Also all these "inactive" make me
worried.

Wed, Jul 8, 2020 at 10:32, Karsten Horsmann:

> Hi,
>
> Yeah, they told you that. But I got it working with letsencrypt. It's an
> easy and harmless try before you bump your head on the desk in case of
> tls debugging.
>
>
> BTW I remember that you can sniff ms teams ssl/tls handshake with ssldump.
>
> And if teams is happy with their option pings to you the direct routing
> shows up as okay (AFAIK).
>
> Роман С. wrote on Wed, July 8, 2020, 09:07:
>
>> Hm, letsencrypt is out of supported CA list :/ I will give it a try and
>> roll over to sipdump if it fails. Thank you guys.
>>
>> Tue, Jul 7, 2020 at 21:19, Karsten Horsmann:
>>
>>> Hi there,
>>>
>>> my teams tls problems with wildcard certs are gone after I did a
>>> letsencrypt cert fqdn based cn.
>>>
>>> Did you try that?
>>>
>>> Cheers
>>> Karsten
>>>
>>> Роман С. wrote on Tue, July 7, 2020, 11:46:
>>>
>>>> Hello.
>>>> I'm trying to set up Kamailio as SBC for Teams using
>>>> https://skalatan.de/en/blog/kamailio-sbc-teams.
>>>> Setup is completely default (except things mentioned at article), but I
>>>> use wildcard certificate for TLS. Well, I can't even pass dispatcher:
>>>>
>>>> kamcmd dispatcher.list | egrep "RI|FLAG"
>>>> URI: sip:sip.pstnhub.microsoft.com;transport=tls
>>>> FLAGS: IP
>>>> PRIORITY: 3
>>>> URI: sip:sip2.pstnhub.microsoft.com;transport=tls
>>>> FLAGS: IP
>>

Re: [SR-Users] Setting up Kamailio as Teams SBC

2020-07-08 Thread Роман С .
Hm, letsencrypt is out of supported CA list :/ I will give it a try and
roll over to sipdump if it fails. Thank you guys.

Tue, Jul 7, 2020 at 21:19, Karsten Horsmann:

> Hi there,
>
> my teams tls problems with wildcard certs are gone after I did a
> letsencrypt cert fqdn based cn.
>
> Did you try that?
>
> Cheers
> Karsten
>
> Роман С. wrote on Tue, July 7, 2020, 11:46:
>
>> Hello.
>> I'm trying to set up Kamailio as SBC for Teams using
>> https://skalatan.de/en/blog/kamailio-sbc-teams.
>> Setup is completely default (except things mentioned at article), but I
>> use wildcard certificate for TLS. Well, I can't even pass dispatcher:
>>
>> kamcmd dispatcher.list | egrep "RI|FLAG"
>> URI: sip:sip.pstnhub.microsoft.com;transport=tls
>> FLAGS: IP
>> PRIORITY: 3
>> URI: sip:sip2.pstnhub.microsoft.com;transport=tls
>> FLAGS: IP
>> PRIORITY: 2
>> URI: sip:sip3.pstnhub.microsoft.com;transport=tls
>> FLAGS: IP
>> PRIORITY: 1
>>
>> Where do I start to dig?
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>


Re: [SR-Users] Setting up Kamailio as Teams SBC

2020-07-07 Thread Роман С .
OK, spent some time around tls configuration. OpenSSL shows no error now,
but dispatcher continues to show me IP or AX.

openssl s_client -showcerts -debug -connect servername.com:5061 -no_ssl2 -bugs -servername servername.com -CAfile /root/intermediate.crt


kamailio.cfg

### Routing Logic 

event_route[tm:local-request] {
    # add a Contact header to OPTIONS requests sent to the Teams proxies
    if (is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
        append_hf("Contact: \r\n");
    }
    xlog("L_INFO", "Sent out tm request: $mb\n");
}

request_route {
    ...
    if (is_method("INVITE|SUBSCRIBE")) {
        record_route_preset("servername.com:5061;transport=tls", "my_ip:5060");
        #record_route();
    }
    ...
}

route[WITHINDLG] {
    if (!has_totag()) return;

    # sequential request within a dialog should
    # take the path determined by record-routing
    if (loose_route()) {
        route(DLGURI);
        if (is_method("BYE")) {
            setflag(FLT_ACC); # do accounting ...
            setflag(FLT_ACCFAILED); # ... even if the transaction fails
        } else if ( is_method("ACK") ) {
            # ACK is forwarded statelessly
            route(NATMANAGE);
        } else if ( is_method("NOTIFY") ) {
            # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
            record_route_preset("servername.com:5061;transport=tls", "my_ip:5060");
            #record_route();
        }
        route(RELAY);
        exit;
    }
    ...
}

Teams web-interface shows inactive. Kamcmd's same as previous output. What
do I do :(?

Tue, Jul 7, 2020 at 12:43, Роман С.:

> Hello.
> I'm trying to set up Kamailio as SBC for Teams using
> https://skalatan.de/en/blog/kamailio-sbc-teams.
> Setup is completely default (except things mentioned at article), but I
> use wildcard certificate for TLS. Well, I can't even pass dispatcher:
>
> kamcmd dispatcher.list | egrep "RI|FLAG"
> URI: sip:sip.pstnhub.microsoft.com;transport=tls
> FLAGS: IP
> PRIORITY: 3
> URI: sip:sip2.pstnhub.microsoft.com;transport=tls
> FLAGS: IP
> PRIORITY: 2
> URI: sip:sip3.pstnhub.microsoft.com;transport=tls
> FLAGS: IP
> PRIORITY: 1
>
> Where do I start to dig?
>


[SR-Users] Setting up Kamailio as Teams SBC

2020-07-07 Thread Роман С .
Hello.
I'm trying to set up Kamailio as SBC for Teams using
https://skalatan.de/en/blog/kamailio-sbc-teams.
Setup is completely default (except things mentioned at article), but I use
wildcard certificate for TLS. Well, I can't even pass dispatcher:

kamcmd dispatcher.list | egrep "RI|FLAG"
URI: sip:sip.pstnhub.microsoft.com;transport=tls
FLAGS: IP
PRIORITY: 3
URI: sip:sip2.pstnhub.microsoft.com;transport=tls
FLAGS: IP
PRIORITY: 2
URI: sip:sip3.pstnhub.microsoft.com;transport=tls
FLAGS: IP
PRIORITY: 1

Where do I start to dig?
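
The FLAGS values quoted in this thread (IP, AX) can be decoded per destination with a small script. This is an added example, not part of any post above; the flag meanings follow the Kamailio dispatcher module documentation, and the sample input is constructed in the shape of the `kamcmd dispatcher.list` output shown in the thread.

```shell
#!/bin/sh
# Decode FLAGS from `kamcmd dispatcher.list` (added example, not from the thread).
# Letters per the Kamailio dispatcher module documentation:
#   1st: A=active  I=inactive  T=trying  D=disabled
#   2nd: P=probing (keepalive OPTIONS are sent)  X=not probing

# Reads dispatcher.list output on stdin, prints "URI STATE PROBING" for each
# destination and returns 1 if any destination is not active.
ds_report() {
    awk '
        BEGIN {
            st["A"] = "active"; st["I"] = "inactive"
            st["T"] = "trying"; st["D"] = "disabled"
            bad = 0
        }
        $1 == "URI:"   { uri = $2 }
        $1 == "FLAGS:" {
            s = substr($2, 1, 1); p = substr($2, 2, 1)
            state = (s in st) ? st[s] : "unknown"
            probe = (p == "P") ? "probing" : "not-probing"
            print uri, state, probe
            if (s != "A") bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample input: same fields as the output in the thread, with the
# flag values varied to show each case mentioned there (IP, AX) plus AP.
sample_output() {
    cat <<'EOF'
URI: sip:sip.pstnhub.microsoft.com;transport=tls
FLAGS: IP
PRIORITY: 3
URI: sip:sip2.pstnhub.microsoft.com;transport=tls
FLAGS: AP
PRIORITY: 2
URI: sip:sip3.pstnhub.microsoft.com;transport=tls
FLAGS: AX
PRIORITY: 1
EOF
}

# Live use on the SBC: kamcmd dispatcher.list | ds_report
sample_output | ds_report || echo "at least one destination is not active" >&2
```

A destination reported as `active not-probing` is only assumed reachable, since no OPTIONS keepalives are being sent to confirm it.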