By setting $du, I was able to force proxy1 to use TLS instead of UDP.

$du = "sip:ip:port;transport=tls";
t_relay();

Thanks Daniel for your input.

From: Pranathi Venkatayogi
Sent: Wednesday, January 25, 2017 8:25 AM
To: 'mico...@gmail.com' <mico...@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org>
Subject: RE: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?

I am attaching all the information needed:

Here is invite sent by the customer -

10.11.200.21:58822 -(SIP over TLS)-> 10.0.16.52:5061

INVITE sip:span...@translation.sms-test.cyracom.com SIP/2.0
Via: SIP/2.0/TLS 10.11.200.21:58822;rport;branch=z9hG4bKPj40846ca84d834aeb9d6ae838e7d01166;alias
Max-Forwards: 70
From: "cust1" <sip:cu...@devtranslation.sms-test.cyracom.com>;tag=46715a1fbe9c4d06a04ecf7e48997955
To: <sip:span...@translation.sms-test.cyracom.com>
Contact: <sip:64715890@10.11.200.21:58825;transport=tls>
Call-ID: a6a27f5f13a147ff82f48fde3789838e
CSeq: 6098 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Proxy-Authorization: Digest username="cust1", realm="devtranslation.sms-test.cyracom.com", nonce="WIfTSliH0h4rWzCg73Myws7fCOgYpwHyAg5IxIA=", uri="sip:span...@translation.sms-test.cyracom.com", response="391c1e155da5949698501a379b9037a3"
Content-Type: application/sdp
Content-Length: 359

v=0
o=- 3694256158 3694256158 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3dc0380f6ef30157c39c;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active

Here is the invite received by the agent. As we see transport=tls is set correctly. Question is why and who is inserting Via header to be UDP port 5060. 10.0.16.52 is proxy1’s IP address. Strange thing is proxy1 has TLS connection with proxy2 and still it is sending via UDP.

172.31.211.31:5061 -(SIP over TLS)-> 10.0.27.108:60894

INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0
Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0
Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1
Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias
Max-Forwards: 68
From: "cust1" <sip:cu...@devtranslation.sms-test.cyracom.com>;tag=7bbc8a1c90e94d96b3360223ce815d50
To: <sip:span...@translation.sms-test.cyracom.com>
Contact: <sip:64715890@10.11.200.21:59045;transport=tls>
Record-Route: <sip:63.149.103.72:5060;transport=tls;lr;nat=yes>
Record-Route: <sip:10.0.16.52:5061;transport=tls;lr;nat=yes>
Call-ID: f1f4cb291ee44c11b3eda6c6801c1d22
CSeq: 28943 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Content-Type: application/sdp
Content-Length: 359

v=0
o=- 3694259050 3694259050 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3fe6e776d38e70ffc529;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active

Attached is the nslookup output of the proxy2 domain.

From: sr-users [mailto:sr-users-boun...@lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla
Sent: Wednesday, January 25, 2017 12:17 AM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.sip-router.org>
Subject: Re: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?

Hello,

first thing: do not reply to other emails from the mailing list, create a new one -- at the end of your message is a previous email from the list.
It keeps the conversation clean, doesn't mess the email thread id and also makes it easier to understand what's all about (and less bandwidth) on mobile devices.

You would have to provide the sip packet (the invite) to understand what happens there. The support of TLS can be discovered via DNS lookup (NAPTR+SRV) or the transport can be enforced in the r-uri with transport=xyz parameter.

Cheers,
Daniel

On 24/01/2017 20:01, Pranathi Venkatayogi wrote:

Hi,

I have two instances of Kamailio acting as edge proxies. One on the customer side and one on the agent side. Like: customer -> proxy1 -> proxy2 -> agent. Both customer and agent are registered to proxy1/proxy2 via TLS. However when proxy1 forwards to proxy2, it is using UDP. How can I force it to use TLS?

Attached is the result of nslookup on the domain: translation.sms-test.cyracom.com.

--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
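
Added example (not part of the original thread, and not Kamailio code): a Python check that reads the Via stack of a received SIP request and reports every hop that was sent over a non-TLS transport, which is how the UDP leg between proxy1 and proxy2 shows up in the agent-side trace above. The sample message is constructed from the Via headers quoted in this thread; the function names and the set of transports treated as secure are assumptions.

```python
import re

# Constructed sample: request line and Via stack of the INVITE received by
# the agent, as quoted in this thread (topmost Via = most recent hop).
SAMPLE_INVITE = (
    "INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 63.149.103.72:5061;"
    "branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0\r\n"
    "Via: SIP/2.0/UDP 10.0.16.52;rport=5060;"
    "branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1\r\n"
    "Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;"
    "branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias\r\n"
    "Max-Forwards: 68\r\n"
    "\r\n"
)

# "SIP/2.0/<transport> <sent-by>" at the start of each Via value.
VIA_RE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*([\w-]+)\s+([^;,\s]+)", re.I)
# Assumption: these Via transports count as encrypted hops.
SECURE = {"TLS", "TLS-SCTP", "WSS"}


def via_hops(message):
    """Return [(transport, sent_by), ...] in header order, topmost first."""
    head = message.split("\r\n\r\n", 1)[0]
    # Unfold continuation lines (a header line starting with space or tab).
    head = re.sub(r"\r\n[ \t]+", " ", head)
    hops = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):  # "v" is the compact form
            # One Via header may carry several comma-separated values.
            for part in value.split(","):
                m = VIA_RE.search(part)
                if m:
                    hops.append((m.group(1).upper(), m.group(2)))
    return hops


def insecure_hops(message):
    """Hops whose Via transport is not in SECURE, i.e. sent in cleartext."""
    return [(t, h) for t, h in via_hops(message) if t not in SECURE]


if __name__ == "__main__":
    for transport, sent_by in insecure_hops(SAMPLE_INVITE):
        print(f"cleartext hop: {sent_by} sent this request over {transport}")
```

Each Via is added by the element that sent the request on that hop, so a non-TLS entry identifies the sender of the cleartext leg (here 10.0.16.52, proxy1).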