Hi Allen!
Again on-list, please do not use private emails unless you have to
provide sensitive data.
On 28.06.2013 01:17, Allen Zhang wrote:
Hi Klaus,
I dived into it and found the problem:
When UA2 send a REGISTER to the load balancer, fix_nated_register() is called
and source ip of the UA is stored in the connection hash by tcpconn_new(),
instead of the port from the contact header field.
But when proxy tries to send the INVITE to UA2 via the load balancer, the load
balancer calls tcpconn_find() with the port from the contact header field.
Hence can't match the connection stored in hash.
I do not understand that.
fix_nated_register stores both info: the original contact +
src-ip:port:transport.
After lookup(), the Request-URI is filled with the original contact, but
$du (destination URI, internally used by Kamailio for routing) is
populated with src-ip:port:transport. Thus, Kamailio should use the $du
to find the TCP connection.
Anyway, TLS debugging is always difficult. I suggest to try to make it
running with TCP. If TCP works, TLS will work too.
regards
Klaus
I need to use fix_nated_register() because the UA will be behind NAT in the
future. How do I let the LB use aliased port instead of the port from the
contact header field?
Regards,
Allen
-----Original Message-----
From: Klaus Darilion [mailto:klaus.mailingli...@pernau.at]
Sent: Thursday, 27 June 2013 10:54 p.m.
To: Kamailio (SER) - Users Mailing List
Cc: Allen Zhang; Shane Harrison
Subject: Re: [SR-Users] kamailio loadbalancer with TLS problem forwarding
INVITE back to UA
make sure to also use handle_ruri_alias()
http://kamailio.org/docs/modules/4.0.x/modules/nathelper.html#idp16851488
for requests from the proxy->lb->client
see the default kamailio config for proper usage of handle_ruri_alias() and
add_contact_alias()
regards
klaus
On 27.06.2013 02:34, Allen Zhang wrote:
Hi,
Our set up:
UA1 -----
------ Proxy1
\
/
Loadbalancer (dispatcher module)
/
\
UA2-----
------ Proxy2
Both proxies have registrar module loaded and share the same database.
REGISTERs work fine.
The problem is this:
TLS TCP
UA1 ----------------------> LB --------------------> Proxy
INVITE(to UA2) INVITE(to UA2)
TLS TCP
UA1 <------------- LB <------------- Proxy
100 Trying
TLS TCP
UA1 <------------- LB <----------------------- Proxy
INVITE(to UA2)
TLS
TCP
UA1 <----------------------- LB <----------------------- Proxy
100 Trying
All above worked fine. Below is what's expected but never happened:
TLS
TCP
UA2 <----------------------- LB <----------------------- Proxy
INVITE(to UA2)
We'd like the LB to reuse the TLS connection initiated by UA2. But LB
can't find an open connection and tries to start a new TLS connection.
The new connection fails.
UAs are not behind NAT at the moment but will be in the future.
Tried this approaches on LB:
route(ADD_CONTACT_ALIAS);
If (not from proxy)
t_relay();
else
do load balancing
No luck.
Any help is appreciated.
Regards,
Allen
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
list sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
