<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">That’s amazing, really getting somewhere now! So I’m now routing calls through the kamailo and onto FS fine, but I’m guessing I’m not quite there, as it only works if STUN is enabled on the handset... so would I be right in thinking it’s not completely doing the ‘sip outbound’ bit?<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 4 Jul 2016, at 17:22, Colin Morelli <<a href="mailto:colin.morelli@gmail.com" class="">colin.morelli@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Awesome! Glad that things are working well.<div class=""><div class=""><br class=""></div><div class="">Now, we're almost there with the outbound support. You'll notice in the script that you're using now that Kamailio will be record-routing itself on INVITE/SUBSCRIBE requests, and it'll be adding itself to the path on REGISTER requests (check that first route {} block and you'll see what I'm referring to). This is 90% of the way there. The only remaining piece is to get Kamailio to correctly handle persistent outbound-style TCP connections and create flow tokens. This is where the outbound module comes in.</div><div class=""><br class=""></div><div class="">You'll want to add loadmodule "outbound.so" to your config file for kamailio. Make sure this appears <i class="">before</i> the path.so and rr.so loadmodule calls. In order for Kamailio to handle outbound correctly it needs those modules to bind to the outbound module. With that done, Kamailio will include flow tokens in the record-route and path headers (you can see this in a pcap if you're interested). Now, you'll want to add a Flow-Timer header to inform your client of how often it should be sending keepalive pings. Unfortunately, at least last I checked, Freeswitch doesn't properly add the "Require: outbound" header to a response for a REGISTER request that includes "Supported: outbound" and a Contact with an ;ob parameter - <i class="">however</i> - it does properly follow the path provided in the register which is all that we really need. So this means we need to instead base the choice on Flow-Timer on whether or not the client advertises support for outbound. This <i class="">may not</i> work in all cases but I can't think of a case where it wouldn't off the top of my head.</div></div><div class=""><br class=""></div><div class="">So, let's add the following block to your onreply_route (this handler already exists in the config file I linked to - we just need to add to it). Also, you may adjust the 30 below to whatever ping interval you want to use between the client and Kamailio:</div><div class=""><br class=""></div><div class=""><div class=""><font face="monospace" class=""> if ($rm == "REGISTER" && $rs >= 200 && $rs <= 299) {</font></div><div class=""><font face="monospace" class=""><span class="Apple-tab-span" style="white-space:pre">                </span>remove_hf("Flow-Timer");</font></div><div class=""><font face="monospace" class=""><span class="Apple-tab-span" style="white-space:pre">                </span>if ($(hdr(Supported)[*]) =~ "outbound") {</font></div><div class=""><font face="monospace" class=""><span class="Apple-tab-span" style="white-space:pre">                        </span>insert_hf("Flow-Timer: 30\r\n", "Call-ID");</font></div><div class=""><font face="monospace" class=""> }</font></div><div class=""><font face="monospace" class=""><span class="Apple-tab-span" style="white-space:pre">        </span>}</font></div></div><div class=""><font face="monospace" class=""><br class=""></font></div><div class="">That <i class="">should</i> work, thought admittedly you might need to play around with other ways of detecting if the client is trying to use an outbound connection (I'm using Kamailio as a registrar in my case which does properly add the Require: header, so the check there is easy). If it doesn't work, another way of checking that should work is to check if the "Contact:" header contains the "ob" param.</div><div class=""><br class=""></div><div class="">Anyway, that should technically be all you need to make this work. But, it's generally based to let Freeswitch know if it's calling out to a client that no longer exists. For example, you may have a 30 minute registration timeline but the socket may be closed after 5 minutes. When FS makes a call out to Kamailio to forward to an outbound client, Kamailio should respond with a "430 Flow Failed" response so Freeswitch knows to cleanup that (now invalid) registration.</div><div class=""><br class=""></div><div class="">Check out the edge-proxy example on this page <a href="http://www.kamailio.org/docs/modules/4.3.x/modules/outbound.html#idp17551232" class="">http://www.kamailio.org/docs/modules/4.3.x/modules/outbound.html#idp17551232</a> to see how you can add that functionality (you'll want to look at the failure_route and t_on_failure calls).</div><div class=""><br class=""></div><div class="">Note - at some point it might make more sense to remove registrations from FS and free it up to just handle media, but this should work for now.</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Colin</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Mon, Jul 4, 2016 at 11:54 AM Rick Jarvis <<a href="mailto:rick.jarvis@magicmail.mooo.com" class="">rick.jarvis@magicmail.mooo.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">I’m on Kamailio v 4.2.0… <div class=""><br class=""></div><div class="">Great, that’s working now, restarts fine and I can register using the proxy! Also if I do a sofia status reg, it shows the IP for the registration as the Kamailio IP, so I guess the signalling is working ok? Is it just the outbound/path support it needs now?</div></div><div style="word-wrap:break-word" class=""><div class=""><br class=""><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 4 Jul 2016, at 16:23, Colin Morelli <<a href="mailto:colin.morelli@gmail.com" target="_blank" class="">colin.morelli@gmail.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" class="">Hey Rick,<div class=""><br class=""></div><div class="">Are you using the exact config file posted on the wiki? That looks like it's probably a bit old, for a much earlier version of Kamailio. I'm assuming you're using something in the 4.x range, which might require some adjustments.</div><div class=""><br class=""></div><div class=""><div class=""><span style="line-height:1.5" class="">First, I'd suggest trying to use a more up-to-date config file. The one over here looks decent: </span><a href="https://blog.voipxswitch.com/2015/03/27/kamailio-basic-sip-proxy-all-requests-setup/" target="_blank" class="">https://blog.voipxswitch.com/2015/03/27/kamailio-basic-sip-proxy-all-requests-setup/</a></div><div class=""><br class=""></div><div class="">Note that the proxy script there is a bit more complex than what you've got now, but it should be pretty straightforward to figure out. Additionally, it includes log statements that'll show up without needing to enable the very verbose Kamailio debug logs. They should help you figure out what's going on. Also, that proxy script doesn't yet add the outbound/path support that you're looking for - but we can get to that point once we get traffic just getting to Freeswitch (it's simple to add).</div></div><div class=""><br class=""></div><div class="">Next, try to get a SIP trace and see what the traffic looks like. You can capture TCP traffic with (assuming eth0 is the interface that the traffic is on): <span style="line-height:1.5" class=""><font face="monospace" class="">tcpdump -s 0 -i eth0 -w /tmp/sip.pcap port 5060</font></span><span style="line-height:1.5" class="">. </span><span style="line-height:1.5" class="">Getting a packet capture and looking through it will help you identify what Kamailio is doing with the call.</span></div><div class=""><span style="line-height:1.5" class=""><br class=""></span></div><div class=""><span style="line-height:1.5" class="">Start with that and let's see where we get. From there we'll probably have a better idea of the next steps.</span></div><div class=""><span style="line-height:1.5" class=""><br class=""></span></div><div class=""><span style="line-height:1.5" class="">Best,</span></div><div class=""><span style="line-height:1.5" class="">Colin</span></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Mon, Jul 4, 2016 at 11:05 AM Rick Jarvis <<a href="mailto:rick.jarvis@magicmail.mooo.com" target="_blank" class="">rick.jarvis@magicmail.mooo.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Still struggling with this config trying to get Kamailio to act as an outbound proxy for NAT’d connections.<div class=""><br class=""></div><div class=""><blockquote type="cite" class=""><div style="word-wrap:break-word" class=""><div class=""><div class=""><blockquote type="cite" class=""><div class=""><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto" style="word-wrap:break-word" class=""><div class=""><ol class=""><li class=""><a href="https://wiki.freeswitch.org/wiki/Kamailio_basic_setup_as_proxy_for_FreeSWITCH" target="_blank" class="">https://wiki.freeswitch.org/wiki/Kamailio_basic_setup_as_proxy_for_FreeSWITCH</a></li></ol></div></div></blockquote></div></div></blockquote></div></div></div></blockquote><div class=""><br class=""></div>I’ve changed the IPs to mine of course, and I’ve even simplified by not using private IPs anywhere. Enabling debugging doesn’t give me anything I understand. The IP of FreeSWITCH isn’t showing anywhere in the log, which suggests to me that it’s not even getting as far as passing the SIP request to FS…? The x.x.x.x below is the IP of the kamailio box...</div><div class=""><br class=""></div><div class="">Help! This is driving me mad….<br class=""><div class=""><br class=""></div><div class=""><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/parse_via.c:1284]: parse_via_param(): Found param type 235, <rport> = <5076>; state=16</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/parse_via.c:1284]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK-5aed5dc1317bd4b9202a5f65f33730f7>; state=6</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/parse_via.c:1284]: parse_via_param(): Found param type 235, <rport> = <5076>; state=16</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=62</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/msg_parser.c:526]: parse_headers(): parse_headers: this is the second via</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=ffffffffffffffff</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/parse_addr_spec.c:898]: parse_addr_spec(): end of header reached, state=10</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:526]: parse_headers(): parse_headers: this is the second via</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/msg_parser.c:190]: get_hdr_field(): DEBUG: get_hdr_field: <To> [61]; uri=[<a class="">sip:*910000972592892325@x.x.x.x]</a></font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/parse_addr_spec.c:176]: parse_to_param(): DEBUG: add_param: tag=73pNXe7gUUXpr</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/msg_parser.c:192]: get_hdr_field(): DEBUG: to body [*910000972592892325 <<a class="">sip:*910000972592892325@x.x.x.x</a>>#015#012]</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/parse_addr_spec.c:898]: parse_addr_spec(): end of header reached, state=29</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field(): get_hdr_field: cseq <CSeq>: <1> <INVITE></font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:190]: get_hdr_field(): DEBUG: get_hdr_field: <To> [79]; uri=[<a class="">sip:*910000972592892325@x.x.x.x]</a></font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: tm [t_lookup.c:949]: t_reply_matching(): DEBUG: t_reply_matching: hash 21995 label 0 branch 0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:192]: get_hdr_field(): DEBUG: to body [*910000972592892325 <<a class="">sip:*910000972592892325@x.x.x.x</a>>]</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: tm [t_lookup.c:1004]: t_reply_matching(): DEBUG: t_reply_matching: reply matched (T=0x7f3ab64ecbe0)!</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field(): get_hdr_field: cseq <CSeq>: <1> <INVITE></font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: tm [t_lookup.c:1141]: t_check_msg(): DEBUG: t_check_msg: msg id=2 global id=2 T end=0x7f3ab64ecbe0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:204]: get_hdr_field(): DEBUG: get_hdr_body : content_length=0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: tm [t_reply.c:2210]: reply_received(): DEBUG: reply_received: org. status uas=100, uac[0]=0 local=0 is_invite=1)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: tm [t_reply.c:1304]: t_should_relay_response(): ->>>>>>>>> T_code=100, new_code=100</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: tm [t_lookup.c:949]: t_reply_matching(): DEBUG: t_reply_matching: hash 21995 label 0 branch 0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: tm [t_reply.c:1822]: relay_reply(): DEBUG: relay_reply: branch=0, save=0, relay=-1 icode=0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: tm [t_lookup.c:1004]: t_reply_matching(): DEBUG: t_reply_matching: reply matched (T=0x7f3ab64ecbe0)!</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [usr_avp.c:643]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: tm [t_lookup.c:1141]: t_check_msg(): DEBUG: t_check_msg: msg id=2 global id=2 T end=0x7f3ab64ecbe0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [usr_avp.c:643]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: tm [t_reply.c:2210]: reply_received(): DEBUG: reply_received: org. status uas=100, uac[0]=100 local=0 is_invite=1)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [usr_avp.c:643]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: tm [t_reply.c:1304]: t_should_relay_response(): ->>>>>>>>> T_code=100, new_code=407</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [usr_avp.c:643]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: tm [t_reply.c:1822]: relay_reply(): DEBUG: relay_reply: branch=0, save=0, relay=0 icode=0</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [usr_avp.c:643]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14187]: DEBUG: <core> [msg_translator.c:2266]: generate_res_buf_from_sip_res(): old size: 976, new size: 890</font></span></div><div style="margin:0px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)" class=""><span class=""><font size="1" class="">Jul 4 10:53:40 proxy /usr/sbin/kamailio[14188]: DEBUG: <core> [usr_avp.c:643]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</font></span></div></div></div></div><div style="word-wrap:break-word" class=""><div class=""><div class=""><div class=""><blockquote type="cite" class=""><div class="">On 2 Jul 2016, at 20:08, Rick Jarvis <<a href="mailto:rick.jarvis@magicmail.mooo.com" target="_blank" class="">rick.jarvis@magicmail.mooo.com</a>> wrote:</div><br class=""><div class=""><div style="word-wrap:break-word" class="">Thanks Colin, really appreciate the help!<div class=""><br class=""></div><div class="">So should the SIP_DOMAIN in kamctlrc be the IP of the kamailio server… or the FS server?</div><div class=""><br class=""></div><div class="">And should the handset be set to use the FS public IP as the SIP server, and the kamailio server as the proxy?</div><div class=""><br class=""></div><div class="">And should there be something else listed as the @ realm in the register name?!</div><div class=""><br class=""></div><div class="">I am determined to get my head around proxying!</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 2 Jul 2016, at 19:35, Colin Morelli <<a href="mailto:colin.morelli@gmail.com" target="_blank" class="">colin.morelli@gmail.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" class="">Rick,<div class=""><br class=""></div><div class="">FS has four variables you'll need to be concerned with. sip-ip, rtp-ip, ext-sip-ip, and ext-rtp-ip.</div><div class=""><br class=""></div><div class="">The sip/rtp-ip variables tell Freeswitch which IP address it should bind to for SIP and RTP traffic, respectively. The ext-*-ip variables tell Freeswitch what IP addresses it should <i class="">advertise</i> that it listens to, for SIP and RTP, respectively. In cases where FS is behind a NAT of some type, these may be different. If your public IP is directly attached to an interface on the FS box, they may very well be the same.</div><div class=""><br class=""></div><div class="">In your case, you likely want sip-ip and ext-sip-ip set to the private IP address for the FS instances. Similarly, you want rtp-ip and ext-rtp-ip set to the public IP address for the FS instance. (I believe if you don't set ext-*-ip variables at all they just default to the same as their non-ext counterparts).</div><div class=""><br class=""></div><div class="">With this configuration, FS will listen to SIP traffic over the private interface (from your Kamailio proxy). When it needs to construct 200 OKs or INVITEs, it will <i class="">advertise</i> itself as listening to media on its own public interface (the value of the rtp-ip variable).</div><div class=""><br class=""></div><div class="">As far as not seeing anything in syslog for the registration, Kamailio is fairly light on logging by default (unless you set debug=4), and the script that you referenced doesn't contain any xlog statements so you probably won't see anything. I'd instrument the script with xlog() calls throughout and see if it gets you anything. When in doubt you can always tcpdump as well to see if you're getting the requests/responses you hope to get.</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Colin</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Sat, Jul 2, 2016 at 2:29 PM Rick Jarvis <<a href="mailto:rick.jarvis@magicmail.mooo.com" target="_blank" class="">rick.jarvis@magicmail.mooo.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" dir="auto" class="">Ok, so first step is to get Kamailio working as a proxy. TLS will come in time….<div class=""><br class=""></div><div class=""><ol class=""><li class="">I’ve used this config file <a href="https://wiki.freeswitch.org/wiki/Kamailio_basic_setup_as_proxy_for_FreeSWITCH" target="_blank" class="">https://wiki.freeswitch.org/wiki/Kamailio_basic_setup_as_proxy_for_FreeSWITCH</a></li><li class="">Kamailio server and FS server both have public and private interfaces</li><li class="">Kamailio server is listening on its public IP</li><li class="">FS is listening (profile internal) on its private IP</li><li class="">Kamailio is set to rewrite to FS server’s private IP</li></ol><div class=""><br class=""></div></div><div class="">What I don’t quite get, having not used a proxy in this way before, is what happens next. If FS needs to advertise its public IPs for the RTP, how does this happen?</div><div class=""><br class=""></div><div class="">So far I’m not seeing anything at all in Syslog for the incoming registration.</div><div class=""><br class=""></div><div class="">Any help appreciated!</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""></blockquote></div></div></div><div style="word-wrap:break-word" dir="auto" class=""><div class=""><div class=""><blockquote type="cite" class=""><div class="">On 30 Jun 2016, at 14:39, Colin Morelli <<a href="mailto:colin.morelli@gmail.com" target="_blank" class="">colin.morelli@gmail.com</a>> wrote:</div><br class=""></blockquote></div></div></div><div style="word-wrap:break-word" dir="auto" class=""><div class=""><div class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class="">Rick,<br class=""><br class="">(Sorry for the long email, hopefully it's helpful)<br class=""><br class="">It sounds like you're mostly concerned with FS initiating calls to handsets behind NAT, is that correct?<br class=""><br class="">If so, what you probably want is SIP outbound (RFC 5626). It's the best way to avoid NAT issues with clients. Under this model, clients keep a persistent connection open to the server. The server is responsible for using that connection to deliver INVITEs to the client, thus avoiding the need to ever open its own connection.<div class=""><br class=""></div><div class="">In my (relatively limited) experience with FS, it was able to act like a SIP outbound server, but it doesn't directly advertise it and supporting SIP outbound is really outside of the core scope of what FS does. So, in my setup, I use Kamailio to provide the SIP outbound support. A brief description of my setup (which seems to work fine with clients behind NAT)</div><div class=""><br class=""></div><div class="">Kamailio edge proxy cluster (provides SIP outbound support to clients, allows public SIP traffic)</div><div class="">Kamailio proxy + registrar (only allows SIP traffic from inside the local network, provides registration support)</div><div class="">Freeswitch (only allows SIP traffic from inside the local network, has a public IP address and open firewall for RTP traffic).</div><div class=""><br class=""></div><div class="">So, a registration from a client hits the Kamailio edge proxy, which parks the socket connection and sends it on to the second Kamailio proxy/registrar. When FS needs to make outbound calls to clients, it hits the Kamailio proxy/registrar, which forwards it to the edge proxy that has an existing connection the client and uses it to deliver the invite (this is all handled by Kamailio with it's outbound, path, registrar, and usrloc modules).</div><div class=""><br class=""></div><div class="">Note your setup might not require the use of two layers of proxies before FS. In my case, I keep registrations off of FS so it's only handling calls. If you have registrations in FS, you can likely just have a Kamailio edge proxy for advertising SIP outbound support, and have it proxy all traffic into FS.</div><div class=""><br class=""></div><div class="">With this setup, FS will receive SIP traffic from Kamailio, and advertise (in the SDP) its public IP address for RTP media (which needs to be allowed through the firewall). Freeswitch will then open what it refers to as an auto-adjust window for the RTP media. In other words, FS will assume that the first address/port to send RTP media to the RTP port configured for a call is the remote client for that call. As a result, FS is able to cope with clients behind NAT on the media side as well. I believe this feature is enabled by default, but you may have to enable it - you'd have to check the docs on this one.</div><div class=""><br class=""></div><div class="">With those two pieces combined you should be able to get past any NAT issues without the need for STUN/TURN. Unless you bypass media on FS, in which case you're going to need those.</div><div class=""><br class=""></div><div class="">Hopefully that helps you out a bit.</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Colin</div><div class=""><div class=""><div class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Thu, Jun 30, 2016 at 8:52 AM Rick Jarvis <<a href="mailto:rick.jarvis@magicmail.mooo.com" target="_blank" class="">rick.jarvis@magicmail.mooo.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I’d be interested to hear what different people use to provide some level of security for remote end-users such as homeworkers, and to get round NAT issues.<br class="">
<br class="">
We currently use OpenVPN, as this is built into the firmware of Yealink handsets (it’s a great feature, I’m not sure why more handset manufacturers don’t do this?!). The pros are that not only is it secure, but it also removes any problems with NAT for the RTP streams.<br class="">
<br class="">
The downsides are that it is complicated (and downright frustrating sometimes) to set up, and there are additional things to consider such as the server configuration and overheads.<br class="">
<br class="">
TLS/SSL with SRTP is another option, but my understanding of this is that it can cause NAT problems, with FreeSWITCH trying to initiate control channels back to the phone for inbound calls. In fact, I’ve always had problems with getting phones to work when behind NAT anyway, even without SSL/TLS. STUN can be used to ascertain the IP, but how do you handle situations where multiple handsets are behind NAT - you can’t open all RTP ports to all handsets at once?!!<br class="">
<br class="">
Would be very interested to hear thoughts and methods on these points.<br class="">
<br class="">
Thanks<br class="">
R<br class="">
_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a></blockquote></div></div></div></div></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.org</a><br class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></div></blockquote></div></div></div>
_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a></blockquote></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.org</a><br class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></div></blockquote></div><br class=""></div></div>_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.org</a><br class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></div></blockquote></div><br class=""></div></div></div>_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a></blockquote></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.org</a><br class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></div></blockquote></div><br class=""></div></div></div>_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a></blockquote></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></body></html>