Hello,

can you set https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_connection_match ?

It may work only for connections accepted by Kamailio, but worth a try.

Cheers,
Daniel

On 03.08.21 14:48, Володимир Іванець wrote:
> Hello Daniel,
>
> Yes, I have "socket=tls:172.16.30.206:5062" and
> "socket=tls:172.16.30.206:5063" attributes for corresponding records in
> the Dispatcher configuration table. $fs prints out correct values in
> the "event_route[tm:local-request]".
>
> But I thought that TCP/TLS connections are established from a random
> port to a destination port on the peer side. And then the remote peer
> connects from its random port to our port 5062/5063.
>
> If I understood the Kamailio log correctly, when it is about to establish a
> second connection to the same peer it sees an active connection for
> the previous trunk and uses it instead of creating a new one.
>
> Thank you!
>
> Regards, Volodymyr Ivanets.
>
> Mon, 2 Aug 2021 at 22:21, Daniel-Constantin Mierla <mico...@gmail.com> wrote:
>
>     Hello,
>
>     do you force local send socket?
>
>     Cheers,
>     Daniel
>
>     On 02.08.21 18:21, Володимир Іванець wrote:
>>     Hello Daniel!
>>
>>     I updated Kamailio to the latest released version. The problem is
>>     that still with tls_set_connect_server_id() I can not make a
>>     single instance of Kamailio connect to multiple MS Teams domains.
>>     I use a single IP address with different ports for different
>>     trunks. I can see it establishing a connection to one trunk and
>>     using it for other domains.
>>
>>     Is there a way to force Kamailio to make a new TLS connection to
>>     the same peer address that it is already connected to?
>>
>>     Thank you!
>>
>>     Regards, Volodymyr Ivanets.
>>
>>     Mon, 2 Aug 2021 at 13:44, Daniel-Constantin Mierla
>>     <mico...@gmail.com> wrote:
>>
>>         Hello,
>>
>>         upgrading is the recommended way, indeed, if you want to use
>>         tls_set_connect_server_id(). For an older version you may want
>>         to try looping back to kamailio (can be over udp) and then use
>>         the xavps. Adds some overhead and hops, but if you are stuck
>>         to a version and can't really upgrade soon, might be an
>>         option to look at.
>>
>>         Cheers,
>>         Daniel
>>
>>         On 29.07.21 18:48, Володимир Іванець wrote:
>>>         Hello Rob!
>>>
>>>         Yes, I'm using Letsencrypt while I'm testing. But I would
>>>         like to be able to use different certificates with different
>>>         sockets.
>>>
>>>         I found this discussion:
>>>         https://github.com/kamailio/kamailio/issues/2413
>>>         Looks like I need to use "tls_set_connect_server_id()" instead of
>>>         setting "$xavp(tls=>server_name)" and
>>>         "$xavp(tls[0]=>server_id)". Unfortunately I'm currently
>>>         using Kamailio v5.4 on my test system and this function is
>>>         not available. I will update Kamailio and give it another
>>>         try. Then I will update everyone in the hope it will be
>>>         useful for someone :)
>>>
>>>         Thank you!
>>>
>>>         Regards, Volodymyr Ivanets
>>>
>>>         Thu, 29 Jul 2021 at 19:07, Rob van den Bulk
>>>         <rob.van.den.b...@gmail.com> wrote:
>>>
>>>             Hello, are u using letsencrypt?
>>>
>>>             U can use a multi domain.
>>>
>>>             Multi domain names in one certificate
>>>
>>>             ------------------------------------------------------------------------
>>>             From: sr-users <sr-users-boun...@lists.kamailio.org> on behalf
>>>             of Володимир Іванець <volodyaivan...@gmail.com>
>>>             Sent: Thursday, July 29, 2021 4:44:16 PM
>>>             To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
>>>             Subject: [SR-Users] Integration with multiple MS Teams instances
>>>
>>>             Hello all!
>>>
>>>             I was able to connect Kamailio with MS Teams and now
>>>             trying to add one more Teams instance. It looks like I
>>>             have some misconfiguration or there is a bug.
>>>
>>>             My test server has 2 domain records pointing at it
>>>             (kamailio.domain1.com and kamailio.domain2.com). My
>>>             tls.cfg configuration file looks like this. As you can
>>>             see the Default section is configured with a
>>>             kamailio.domain1.com certificate:
>>>
>>>             [server:default]
>>>             method = TLSv1.0+
>>>             require_certificate = no
>>>             verify_certificate = no
>>>             private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>>             certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>>             ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>
>>>             [client:default]
>>>             method = TLSv1.0+
>>>             require_certificate = no
>>>             verify_certificate = no
>>>             private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>>             certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>>             ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>
>>>             [server:172.16.30.206:5062]
>>>             method = TLSv1.0+
>>>             require_certificate = no
>>>             verify_certificate = no
>>>             private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>>             certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>>             ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>             server_name = "kamailio.domain1.com"
>>>             server_id = "kamailio.domain1.com"
>>>
>>>             [client:172.16.30.206:5062]
>>>             method = TLSv1.0+
>>>             require_certificate = no
>>>             verify_certificate = no
>>>             private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>>>             certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>>>             ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>>>
>>>             [server:172.16.30.206:5063]
>>>             method = TLSv1.0+
>>>             require_certificate = no
>>>             verify_certificate = no
>>>             private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>>>             certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>>>             ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>>>             server_name = "kamailio.domain2.com"
>>>             server_id = "kamailio.domain2.com"
>>>
>>>             [client:172.16.30.206:5063]
>>>             method = TLSv1.0+
>>>             require_certificate = no
>>>             verify_certificate = no
>>>             private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>>>             certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>>>             ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>>>
>>>             The dispatcher configuration table looks like this:
>>>
>>>             +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>>             | id | setid | destination                                 | flags | priority | attrs                                                            | description |
>>>             +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>>             |  1 |     1 | sip:sip.pstnhub.microsoft.com;transport=tls |     0 |        3 | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com | MS Teams 1  |
>>>             |  2 |     2 | sip:sip.pstnhub.microsoft.com;transport=tls |     0 |        3 | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com | MS Teams 2  |
>>>             +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>>>
>>>             When Kamailio is started only connection with the first
>>>             trunk is established:
>>>
>>>             # kamcmd tls.list
>>>             {
>>>                 id: 1
>>>                 timeout: 0
>>>                 src_ip: 52.114.75.24
>>>                 src_port: 5061
>>>                 dst_ip: 172.16.30.206
>>>                 dst_port: 0
>>>                 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>>                 ct_wq_size: 0
>>>                 enc_rd_buf: 0
>>>                 flags: 2
>>>                 state: established
>>>             }
>>>             {
>>>                 id: 2
>>>                 timeout: 0
>>>                 src_ip: 52.114.75.24
>>>                 src_port: 7810
>>>                 dst_ip: 172.16.30.206
>>>                 dst_port: 5062
>>>                 cipher: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
>>>                 ct_wq_size: 0
>>>                 enc_rd_buf: 0
>>>                 flags: 2
>>>                 state: established
>>>             }
>>>             {
>>>                 id: 3
>>>                 timeout: 596
>>>                 src_ip: 52.114.75.24
>>>                 src_port: 7811
>>>                 dst_ip: 172.16.30.206
>>>                 dst_port: 5062
>>>                 cipher: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
>>>                 ct_wq_size: 0
>>>                 enc_rd_buf: 0
>>>                 flags: 2
>>>                 state: established
>>>             }
>>>
>>>             Here is what I can see in Kamailio log file when it
>>>             sends an OPTIONS request to the second trunk. Kamailio
>>>             uses Default tls configuration and MS Teams doesn't accept it:
>>>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:352]: t_run_local_req(): apply new updates without Via to sip msg
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/msg_translator.c:1796]: check_boundaries(): no multi-part body
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg(): method: <OPTIONS>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg(): uri: <sip:sip.pstnhub.microsoft.com;transport=tls>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg(): version: <SIP/2.0>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>>>             ], to tag (0)[]
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:185]: get_hdr_field(): content_length=0
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg(): method: <OPTIONS>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg(): uri: <sip:sip.pstnhub.microsoft.com;transport=tls>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg(): version: <SIP/2.0>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>>>             ], to tag (0)[]
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:189]: uac_refresh_hdr_shortcuts(): cseq: [CSeq: 10]
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1498]: tcpconn_add(): hashes: 2831:67:0, 1
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): *xavp with outbound server name not found*
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): *xavp with outbound server id not found*
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): *Using initial TLS domain TLSc<default>* (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f3550b7a568: (nil)
>>>             Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started
>>>             ...
>>>
>>>             If I change the Default configuration to use
>>>             kamailio.domain2.com certificate, the second trunk will
>>>             connect but the first one will fail.
>>>             I tried to set "$xavp(tls=>server_name)" and
>>>             "$xavp(tls[0]=>server_id)" variables to
>>>             the event_route[tm:local-request] section but log still
>>>             stated that server Name and ID were not found.
>>>
>>>             Can someone please point me in the right direction, how
>>>             can I make Kamailio use the correct certificates when
>>>             establishing multiple TLS connections?
>>>
>>>             Thanks a lot!
>>>
>>>             Regards, Volodymyr Ivanets
>>>             __________________________________________________________
>>>             Kamailio - Users Mailing List - Non Commercial Discussions
>>>               * sr-users@lists.kamailio.org
>>>             Important: keep the mailing list in the recipients, do
>>>             not reply only to the sender!
>>>             Edit mailing list options or unsubscribe:
>>>               * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>>         --
>>         Daniel-Constantin Mierla -- www.asipto.com
>>         www.twitter.com/miconda -- www.linkedin.com/in/miconda
>
>     --
>     Daniel-Constantin Mierla -- www.asipto.com
>     www.twitter.com/miconda -- www.linkedin.com/in/miconda

--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
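A triage helper for the debug log quoted in this thread, added here as an example and not part of the original messages or of Kamailio: it pairs each new outbound connection with the TLS client profile the log says was picked, and reports the ones that landed on the default profile. The sample lines are shortened from that log; the record type, function names and the reliance on the poster's own `fs is ...` trace line are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample input: lines shortened from the debug log quoted in the thread.
PREFIX = "Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: "
SAMPLE_LOG = "\n".join(PREFIX + msg for msg in [
    "ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063",
    "DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one",
    "DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24",
    "DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1",
    "DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found",
    "DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])",
])

PID_RE = re.compile(r"kamailio\[(\d+)\]: (.*)$")
# Field -> pattern. Only message formats that appear in that log are recognised.
RULES = {
    "send_socket": re.compile(r"fs is (\S+)"),  # assumption: the poster's own xlog trace
    "peer_ip": re.compile(r"tcpconn_new: new tcp connection: (\S+)"),
    "peer_port": re.compile(r"tcpconn_new\(\): on port (\d+)"),
    "tls_domain": re.compile(r"tls_complete_init\(\): Using initial TLS domain (\S+)"),
}
NO_SERVER_ID = "xavp with outbound server id not found"


@dataclass
class OutboundTls:  # hypothetical record type for this example
    pid: str
    send_socket: str = "?"
    peer_ip: str = "?"
    peer_port: str = "?"
    tls_domain: str = "?"
    server_id_set: bool = True  # cleared when the log reports no server id


def outbound_tls_connections(log_text):
    """Return one OutboundTls per outbound connection, correlated by worker PID."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue  # not a Kamailio syslog line
        pid, msg = m.groups()
        conn = pending.setdefault(pid, OutboundTls(pid))
        if NO_SERVER_ID in msg:
            conn.server_id_set = False
        for name, rx in RULES.items():
            hit = rx.search(msg)
            if hit:
                setattr(conn, name, hit.group(1))
        if conn.tls_domain != "?":  # profile chosen, so the record is complete
            done.append(pending.pop(pid))
    return done


def default_profile_fallbacks(log_text):
    """Connections that ended up on the default TLS client profile."""
    return [c for c in outbound_tls_connections(log_text)
            if c.tls_domain.endswith("<default>")]
```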