By setting $du, I was able to force proxy1 to use TLS instead of UDP.

$du = "sip:ip:port;transport=tls";
t_relay();

Thanks Daniel for your input.

From: Pranathi Venkatayogi
Sent: Wednesday, January 25, 2017 8:25 AM
To: 'mico...@gmail.com' <mico...@gmail.com>; 'Kamailio (SER) - Users Mailing 
List' <sr-users@lists.sip-router.org>
Subject: RE: [SR-Users] How does Kamailio decide which protocol to use when 
fwding to another proxy?

I am attaching all the information needed:

Here is the invite sent by the customer -
10.11.200.21:58822 -(SIP over TLS)-> 10.0.16.52:5061
INVITE sip:span...@translation.sms-test.cyracom.com SIP/2.0
Via: SIP/2.0/TLS 10.11.200.21:58822;rport;branch=z9hG4bKPj40846ca84d834aeb9d6ae838e7d01166;alias
Max-Forwards: 70
From: "cust1" <sip:cu...@devtranslation.sms-test.cyracom.com>;tag=46715a1fbe9c4d06a04ecf7e48997955
To: <sip:span...@translation.sms-test.cyracom.com>
Contact: <sip:64715890@10.11.200.21:58825;transport=tls>
Call-ID: a6a27f5f13a147ff82f48fde3789838e
CSeq: 6098 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Proxy-Authorization: Digest username="cust1", realm="devtranslation.sms-test.cyracom.com", nonce="WIfTSliH0h4rWzCg73Myws7fCOgYpwHyAg5IxIA=", uri="sip:span...@translation.sms-test.cyracom.com", response="391c1e155da5949698501a379b9037a3"
Content-Type: application/sdp
Content-Length:   359
v=0
o=- 3694256158 3694256158 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3dc0380f6ef30157c39c;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active

Here is the invite received by the agent. As we see, transport=tls is set 
correctly. The question is why and who is inserting the Via header to be UDP 
port 5060. 10.0.16.52 is proxy1’s IP address. The strange thing is proxy1 has a 
TLS connection with proxy2 and still it is sending via UDP.
172.31.211.31:5061 -(SIP over TLS)-> 10.0.27.108:60894
INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0
Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0
Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1
Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias
Max-Forwards: 68
From: "cust1" <sip:cu...@devtranslation.sms-test.cyracom.com>;tag=7bbc8a1c90e94d96b3360223ce815d50
To: <sip:span...@translation.sms-test.cyracom.com>
Contact: <sip:64715890@10.11.200.21:59045;transport=tls>
Record-Route: <sip:63.149.103.72:5060;transport=tls;lr;nat=yes>
Record-Route: <sip:10.0.16.52:5061;transport=tls;lr;nat=yes>
Call-ID: f1f4cb291ee44c11b3eda6c6801c1d22
CSeq: 28943 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Content-Type: application/sdp
Content-Length:   359
v=0
o=- 3694259050 3694259050 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3fe6e776d38e70ffc529;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active

Attached is the nslookup output of the proxy2 domain.


From: sr-users [mailto:sr-users-boun...@lists.sip-router.org] On Behalf Of 
Daniel-Constantin Mierla
Sent: Wednesday, January 25, 2017 12:17 AM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.sip-router.org>
Subject: Re: [SR-Users] How does Kamailio decide which protocol to use when 
fwding to another proxy?

Hello,

first thing: do not reply to other emails from the mailing list, create a new 
one -- at the end of your message is a previous email from the list. It keeps 
the conversation clean, doesn't mess the email thread id and also makes it 
easier to understand what's all about (and less bandwidth) on mobile devices.

You would have to provide the sip packet (the invite) to understand what 
happens there. The support of TLS can be discovered via DNS lookup (NAPTR+SRV) 
or the transport can be enforced in the r-uri with transport=xyz parameter.

Cheers,
Daniel


On 24/01/2017 20:01, Pranathi Venkatayogi wrote:
Hi,
  I have two instances of Kamailio acting as edge proxies. One on the customer 
side and one on the agent side.
  Like: customer -> proxy1 -> proxy2 -> agent.
  Both customer and agent are registered to proxy1/proxy2 via TLS.

  However when proxy1 forwards to proxy2, it is using UDP. How can I force it 
to use TLS?
  Attached is the result of nslookup on the domain: 
translation.sms-test.cyracom.com.




--

Daniel-Constantin Mierla

www.twitter.com/miconda -- www.linkedin.com/in/miconda

Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - 
www.asipto.com

Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
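
Added example, not part of the original thread and not Kamailio code: a small Python check that reads the Via chain of a captured SIP request and reports every hop that was sent over a non-TLS transport, which is how the UDP leg between proxy1 and proxy2 shows up in the agent-side INVITE above. The sample message is constructed from that INVITE (branch values shortened); the function names are hypothetical.

```python
import re

# Constructed sample, modeled on the agent-side INVITE quoted in the thread.
SAMPLE_INVITE = (
    "INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKaaa.0\r\n"
    "Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKbbb.0;i=1\r\n"
    "Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;"
    "rport=59039;branch=z9hG4bKccc;alias\r\n"
    "Max-Forwards: 68\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Transports that protect signalling on the wire.
SECURE_TRANSPORTS = {"TLS", "WSS"}

# One Via value: "SIP/2.0/<transport> <sent-by>[;params]"
VIA_VALUE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;,\s]+)", re.I)


def via_hops(message):
    """Return [(transport, sent_by), ...] in header order (latest hop first)."""
    head = message.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)      # unfold continuation lines
    hops = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):  # long and compact form
            # findall also covers several comma-separated values in one header
            hops += [(t.upper(), s) for t, s in VIA_VALUE.findall(value)]
    return hops


def cleartext_hops(message):
    """Hops whose sender used a transport other than TLS/WSS."""
    return [(t, s) for t, s in via_hops(message) if t not in SECURE_TRANSPORTS]


if __name__ == "__main__":
    for transport, sent_by in cleartext_hops(SAMPLE_INVITE):
        print(f"hop {sent_by} forwarded over {transport}")
```

Each proxy writes the transport it used for sending into its own Via, so the flagged sent-by address identifies the element whose outbound leg needs the transport=tls destination.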
