Hello Daniel!

I updated Kamailio to the latest released version. The problem is that still with tls_set_connect_server_id() I cannot make a single instance of Kamailio connect to multiple MS Teams domains. I use a single IP address with different ports for different trunks. I can see it establishing a connection to one trunk and using it for other domains.
Is there a way to force Kamailio to make a new TLS connection to the same peer address that it is already connected to?

Thank you!

Regards, Volodymyr Ivanets.

Mon, 2 Aug 2021 at 13:44, Daniel-Constantin Mierla <mico...@gmail.com> wrote:

> Hello,
>
> upgrading is the recommended way, indeed, if you want to use
> tls_set_connect_server_id(). For older versions you may want to try looping
> back to kamailio (can be over udp) and then use the xavps. Adds some
> overhead and hops, but if you are stuck to a version and can't really
> upgrade soon, might be an option to look at.
>
> Cheers,
> Daniel
>
> On 29.07.21 18:48, Володимир Іванець wrote:
>
> Hello Rob!
>
> Yes, I'm using Letsencrypt while I'm testing. But I would like to be able
> to use different certificates with different sockets.
>
> I found this discussion https://github.com/kamailio/kamailio/issues/2413.
> Looks like I need to use "tls_set_connect_server_id()" instead of setting
> "$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)". Unfortunately I'm
> currently using Kamailio v5.4 on my test system and this function is not
> available. I will update Kamailio and give it another try. Then I will
> update everyone in the hope it will be useful for someone :)
>
> Thank you!
>
> Regards, Volodymyr Ivanets
>
> Thu, 29 Jul 2021 at 19:07, Rob van den Bulk <rob.van.den.b...@gmail.com>
> wrote:
>
>> Hello, are u using letsencrypt?
>>
>> U can use a multi domain.
>>
>> Multi domain names in one certificate
>>
>> ------------------------------
>> From: sr-users <sr-users-boun...@lists.kamailio.org> on behalf of
>> Володимир Іванець <volodyaivan...@gmail.com>
>> Sent: Thursday, July 29, 2021 4:44:16 PM
>> To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
>> Subject: [SR-Users] Integration with multiple MS Teams instances
>>
>> Hello all!
>>
>> I was able to connect Kamailio with MS Teams and now trying to add one
>> more Teams instance.
>> It looks like I have some misconfiguration or there is
>> a bug.
>>
>> My test server has 2 domain records pointing at it (kamailio.domain1.com
>> and kamailio.domain2.com). My tls.cfg configuration file looks like
>> this. As you can see the Default section is configured with a
>> kamailio.domain1.com certificate:
>>
>> [server:default]
>> method = TLSv1.0+
>> require_certificate = no
>> verify_certificate = no
>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>
>> [client:default]
>> method = TLSv1.0+
>> require_certificate = no
>> verify_certificate = no
>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>
>> [server:172.16.30.206:5062]
>> method = TLSv1.0+
>> require_certificate = no
>> verify_certificate = no
>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>> server_name = "kamailio.domain1.com"
>> server_id = ""kamailio.domain1.com"
>>
>> [client:172.16.30.206:5062]
>> method = TLSv1.0+
>> require_certificate = no
>> verify_certificate = no
>> private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>> certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>> ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>
>> [server:172.16.30.206:5063]
>> method = TLSv1.0+
>> require_certificate = no
>> verify_certificate = no
>> private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>> certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>> ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>> server_name = "kamailio.domain2.com"
>>
>> server_id = ""kamailio.domain2.com"
>>
>> [client:172.16.30.206:5063]
>> method = TLSv1.0+
>> require_certificate = no
>> verify_certificate = no
>> private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>> certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>> ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>>
>> The dispatcher configuration table looks like this:
>>
>> +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>> | id | setid | destination                                 | flags | priority | attrs                                                            | description |
>> +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>> | 1  | 1     | sip:sip.pstnhub.microsoft.com;transport=tls | 0     | 3        | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com | MS Teams 1  |
>> | 2  | 2     | sip:sip.pstnhub.microsoft.com;transport=tls | 0     | 3        | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com | MS Teams 2  |
>> +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>
>> When Kamailio is started only connection with the first trunk is
>> established:
>>
>> # kamcmd tls.list
>> {
>>     id: 1
>>     timeout: 0
>>     src_ip: 52.114.75.24
>>     src_port: 5061
>>     dst_ip: 172.16.30.206
>>     dst_port: 0
>>     cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>     ct_wq_size: 0
>>     enc_rd_buf: 0
>>     flags: 2
>>     state: established
>> }
>> {
>>     id: 2
>>     timeout: 0
>>     src_ip: 52.114.75.24
>>     src_port: 7810
>>     dst_ip: 172.16.30.206
>>     dst_port: 5062
>>     cipher: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
>>     ct_wq_size: 0
>>     enc_rd_buf: 0
>>     flags: 2
>>     state: established
>> }
>> {
>>     id: 3
>>     timeout: 596
>>     src_ip: 52.114.75.24
>>     src_port: 7811
>>     dst_ip: 172.16.30.206
>>     dst_port: 5062
>>     cipher: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
>>     ct_wq_size: 0
>>     enc_rd_buf: 0
>>     flags: 2
>>     state: established
>> }
>>
>> Here is what I can see in Kamailio log file when it sends an OPTIONS
>> request to the second trunk.
>> Kamailio uses Default tls configuration and MS
>> Teams don't accept it:
>>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:352]: t_run_local_req(): apply new updates without Via to sip msg
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/msg_translator.c:1796]: check_boundaries(): no multi-part body
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg(): method: <OPTIONS>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg(): uri: <sip:sip.pstnhub.microsoft.com;transport=tls>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg(): version: <SIP/2.0>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>> ], to tag (0)[]
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:185]: get_hdr_field(): content_length=0
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg(): method: <OPTIONS>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg(): uri: <sip:sip.pstnhub.microsoft.com;transport=tls>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg(): version: <SIP/2.0>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>> ], to tag (0)[]
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:189]: uac_refresh_hdr_shortcuts(): cseq: [CSeq: 10]
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1498]: tcpconn_add(): hashes: 2831:67:0, 1
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): xavp with outbound server name not found
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f3550b7a568: (nil)
>> Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started
>> ...
>>
>> If I change the Default configuration to use kamailio.domain2.com
>> certificate, the second trunk will connect but the first one will fail.
>> I tried to set "$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)"
>> variables to the event_route[tm:local-request] section but log still stated
>> that server Name and ID were not found.
>>
>> Can someone please point me in the right direction, how can I make
>> Kamailio use the correct certificates when establishing multiple TLS
>> connections?
>>
>> Thanks a lot!
>>
>> Regards, Volodymyr Ivanets
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users@lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
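Added example, not part of the thread and not Kamailio project code: a Python check that reads debug-level log lines in the format quoted above and reports, per process, which client TLS profile tls_complete_init() selected for each new outbound connection, so a fall-back to TLSc<default> for a given send socket is easy to spot. The sample log is constructed from the quoted lines (pid 11810 is invented), and the function and field names are illustrative assumptions.

```python
import re

# Constructed sample modelled on the debug log quoted in the thread; pid 11810
# is invented to show per-process tracking. Assumes one log entry per line.
SAMPLE_LOG = """\
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11810]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5062
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
"""

PID = re.compile(r"kamailio\[(\d+)\]:")
FIELDS = {  # illustrative field names, not Kamailio identifiers
    "socket": re.compile(r"fs is (tls:\S+)"),
    "peer_ip": re.compile(r"new tcp connection: (\S+)"),
    "peer_port": re.compile(r"tcpconn_new\(\): on port (\d+)"),
    "domain": re.compile(r"Using initial TLS domain TLSc<([^>]*)>"),
}
NO_ID = "xavp with outbound server id not found"

def outbound_tls_setups(log_text):
    """Return (setups, pending): completed outbound TLS setups, and per-pid
    state for sends that logged no new TLS connection in this capture."""
    pending, setups = {}, []
    for line in log_text.splitlines():
        pid = PID.search(line)
        if not pid:
            continue
        # server_id_found stays True until the "not found" message is seen
        cur = pending.setdefault(pid.group(1), {"server_id_found": True})
        if NO_ID in line:
            cur["server_id_found"] = False
        for key, rx in FIELDS.items():
            hit = rx.search(line)
            if hit:
                cur[key] = hit.group(1)
        if "domain" in cur:  # tls_complete_init() closes one setup
            setups.append(pending.pop(pid.group(1)))
    return setups, pending

def default_profile_fallbacks(log_text):
    """Setups that used the default client profile with no server id set."""
    setups, _ = outbound_tls_setups(log_text)
    return [s for s in setups if s["domain"] == "default" and not s["server_id_found"]]

if __name__ == "__main__":
    print(default_profile_fallbacks(SAMPLE_LOG))
```

Entries left in `pending` with a `socket` but no `domain` are sends for which the capture shows no new TLS connection being opened, which is the place to look when one trunk's connection appears to be reused for another.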