[SR-Users] Multiple TLS connections to the same IP:Port

[Nick Digalakis via sr-users]

Hello everyone,

I am trying to use a single Kamailio server to register to multiple MS Teams 
Direct Routing endpoints.

The config snippet I am using is this:

sht_iterator_start("i1", "teams-endpoints");
while(sht_iterator_next("i1")) {

    $var(teams_endpoint) = $shtitkey(i1);

    $xavp(tls=>server_name) = $var(teams_endpoint);
    $xavp(tls[0]=>server_id) = $var(teams_endpoint);

    $uac_req(method)="OPTIONS";
    $uac_req(ruri)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(furi)="sip:" + $var(teams_endpoint);
    $uac_req(turi)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(hdrs)="Contact: <sip:" + $var(teams_endpoint) + ":" + "5061" + 
";transport=tls>\r\n";

    ### Create a unique Call-ID based on the Timestamp and the Message Body in 
MD5
    $var(unhashed_cid) = $TV(Sn) + $mb + "";
    $uac_req(callid)=$(var(unhashed_cid){s.md5});

    uac_req_send();
}
sht_iterator_end("i1");

When the HTable has only one endpoint, everything works fine.
When I add a second endpoint, the first one continues to work but the second 
one failing with the error from Microsoft:

Q.850;cause=63;text="85babcde-e0b5-4a85-8f4a-12345678c9ae;SBC certificate is 
not issued correctly. Provided trunk FQDN 'endpoint-02.domain.com' is not 
included in certificate's CN or SAN list. Certificate allows following FQDNs 
only: endpoint-01.domain.com.


After some digging around, I realized that all endpoint after the first fail 
because Kamailio is re-using the same TLS connection for all subsequent OPTIONS 
as well, but of course the connection has been established with the certificate 
of the first endpoint.
I have tested the certificates by switching around the first endpoint, so that 
shouldn't be a problem.

Is there any way I can force it to establish a new TCP/TLS connection for each 
subsequent request?


Any help would be much appreciated, I have been pulling my hair out with this 
one!



Best regards,
Nick

[https://s-install.avcdn.net/ipm/preview/icons/icon-envelope-tick-green-avg-v1.png]<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
     
Virus-free.www.avg.com<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe: