[jitsi-dev] Re: SIP TLS problem - and BYE message


#1

Hi,

thanks a lot for you help. I have just downloaded and tested the new 3543
version and the problem has been solved.

But I have another question
The scenario is: A call B (audio call) with both TCP and TLS:
Everything works fine if A close the call: Jitsi sends the SIP BYE message
to the Outbound Proxy configured and the call is correctly closed. BUT if
B close the call, Jitsi sends the SIP BYE message to the Kamailio SIP server
that is behind the Outbound Proxy, instead of to use the Outbound
Proxy configured.

I think this could be a bug of jitsy.
Could you please fix it?
Thanks in advance,
laura

···

On Thu, Jun 16, 2011 at 4:30 PM, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

a fix for the problem was just committed and will be available in next
build (I believe it will be 3540). This was a problem we worked while
ago and after sending a patch to jain-sip and after updating the
library a simple comment was left by mistake that enables this fix.
Thanks for the report and test next build is it ok with your Kamailio TLS
setup.

Thanks
damencho

On Thu, Jun 16, 2011 at 5:03 PM, laura testi <lau.testi@gmail.com> wrote:
> Hi,
> currently I am testing the Jitsi sip client together with Kamailio SIP
> server. The UDP and TCP works fine, but I have the problem to use TLS. In
> TLS, when Jitsi send the SIP Request to SIP Server Kamailio, it always
set
> it's Contact's port to 5061 instead of the port which is being used to
> connect to Kamailio. That causes the problem when Kamailio need to send
the
> message to Jitsi becuase it needs the Kamailio SIP server open a new TLS
> connect as a SSL client to connect to the Jitsi (as SSL Server) and
fails.
> For some SIP message, this can be fixed by hacking in the configuration
of
> Kamailio to force the server to use the received port of Jistsi to
delivery
> the messages to Jitsi client, but it's not always ok. For example for the
> ACK of the audio/video call. I think this could be a bug ofg Jitsi. Can
you
> fix it please?
>
> While I configure Jitsi to use TCP, it always set the Contact's port of
its
> Request to the port currently used to connect to the SIP server kamailio.
> Everything works wells w even it's behind of Firewall/NAT.
>
> Thanks in advanced!
>
> Best Regards,
> Laura
>
>


#2

На 17.06.11 17:05, laura testi написа:

The scenario is: A call B (audio call) with both TCP and TLS:
Everything works fine if A close the call: Jitsi sends the SIP BYE
message to the Outbound Proxy configured and the call is correctly
closed. BUT if B close the call, Jitsi sends the SIP BYE message to the
Kamailio SIP server that is behind the Outbound Proxy, instead of
to use the Outbound Proxy configured.

Oh that's weird .... we never ever send SIP messages to anyone else but
the outbound proxy. Could you please send some logs over?

Thanks,
Emil

···

I think this could be a bug of jitsy.
Could you please fix it?
Thanks in advance,
laura

On Thu, Jun 16, 2011 at 4:30 PM, Damian Minkov <damencho@jitsi.org > <mailto:damencho@jitsi.org>> wrote:

    Hi,

    a fix for the problem was just committed and will be available in next
    build (I believe it will be 3540). This was a problem we worked while
    ago and after sending a patch to jain-sip and after updating the
    library a simple comment was left by mistake that enables this fix.
    Thanks for the report and test next build is it ok with your
    Kamailio TLS setup.

    Thanks
    damencho

    On Thu, Jun 16, 2011 at 5:03 PM, laura testi <lau.testi@gmail.com > <mailto:lau.testi@gmail.com>> wrote:
    > Hi,
    > currently I am testing the Jitsi sip client together with Kamailio SIP
    > server. The UDP and TCP works fine, but I have the problem to use
    TLS. In
    > TLS, when Jitsi send the SIP Request to SIP Server Kamailio, it
    always set
    > it's Contact's port to 5061 instead of the port which is being used to
    > connect to Kamailio. That causes the problem when Kamailio need to
    send the
    > message to Jitsi becuase it needs the Kamailio SIP server open a
    new TLS
    > connect as a SSL client to connect to the Jitsi (as SSL Server)
    and fails.
    > For some SIP message, this can be fixed by hacking in the
    configuration of
    > Kamailio to force the server to use the received port of Jistsi to
    delivery
    > the messages to Jitsi client, but it's not always ok. For example
    for the
    > ACK of the audio/video call. I think this could be a bug ofg
    Jitsi. Can you
    > fix it please?
    >
    > While I configure Jitsi to use TCP, it always set the Contact's
    port of its
    > Request to the port currently used to connect to the SIP server
    kamailio.
    > Everything works wells w even it's behind of Firewall/NAT.
    >
    > Thanks in advanced!
    >
    > Best Regards,
    > Laura
    >
    >

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#3

Hi Emil,
thanks for your quick reply.
I send you in attach two .pcap files (use "sip" as presentation filter).

You will see:

client:
10.10.2.38: alice IP address
10.10.2.11: barbara1 IP address

Servers:
10.10.5.209: is the Outbound Proxy configured in ours Jitsi client
10.10.5.207: is a Kamailio server behind the Outbound Proxy

*1 case (barbara_calls_close_vs_alice.pcap):*

   - barbara1 calls Alice
   - alice accepts the call
   - barbara1 and alice are connected
   - barbara closes the call

The behaviour is the correct one. All messages are sent from clients to
outbound proxy.

*2 case (barbara_call_to_alice_and_alice_close.pcap): *

   - barbara1 calls Alice
   - alice accepts the call
   - barbara1 and alice are connected
   - Alice closes the call

Here you could find the BYE request sent from alice (IP: 10.10.2.38) to the
Kamailio server (10.10.5.207) instead of outbound proxy (10.10.5.209) as the
others messages do.

Let me know if you have some problem to open the trace pcap file, then I'll
provide them in a text format.

Thanks and kind regards,
laura

SIP_BYE_requests-pcap.zip (317 KB)

···

On Fri, Jun 17, 2011 at 5:34 PM, Emil Ivov <emcho@jitsi.org> wrote:

На 17.06.11 17:05, laura testi написа:

> The scenario is: A call B (audio call) with both TCP and TLS:
> Everything works fine if A close the call: Jitsi sends the SIP BYE
> message to the Outbound Proxy configured and the call is correctly
> closed. BUT if B close the call, Jitsi sends the SIP BYE message to the
> Kamailio SIP server that is behind the Outbound Proxy, instead of
> to use the Outbound Proxy configured.

Oh that's weird .... we never ever send SIP messages to anyone else but
the outbound proxy. Could you please send some logs over?

Thanks,
Emil

>
> I think this could be a bug of jitsy.
> Could you please fix it?
> Thanks in advance,
> laura
>
> On Thu, Jun 16, 2011 at 4:30 PM, Damian Minkov <damencho@jitsi.org > > > <mailto:damencho@jitsi.org>> wrote:
>
> Hi,
>
> a fix for the problem was just committed and will be available in
next
> build (I believe it will be 3540). This was a problem we worked while
> ago and after sending a patch to jain-sip and after updating the
> library a simple comment was left by mistake that enables this fix.
> Thanks for the report and test next build is it ok with your
> Kamailio TLS setup.
>
> Thanks
> damencho
>
> On Thu, Jun 16, 2011 at 5:03 PM, laura testi <lau.testi@gmail.com > > > <mailto:lau.testi@gmail.com>> wrote:
> > Hi,
> > currently I am testing the Jitsi sip client together with Kamailio
SIP
> > server. The UDP and TCP works fine, but I have the problem to use
> TLS. In
> > TLS, when Jitsi send the SIP Request to SIP Server Kamailio, it
> always set
> > it's Contact's port to 5061 instead of the port which is being used
to
> > connect to Kamailio. That causes the problem when Kamailio need to
> send the
> > message to Jitsi becuase it needs the Kamailio SIP server open a
> new TLS
> > connect as a SSL client to connect to the Jitsi (as SSL Server)
> and fails.
> > For some SIP message, this can be fixed by hacking in the
> configuration of
> > Kamailio to force the server to use the received port of Jistsi to
> delivery
> > the messages to Jitsi client, but it's not always ok. For example
> for the
> > ACK of the audio/video call. I think this could be a bug ofg
> Jitsi. Can you
> > fix it please?
> >
> > While I configure Jitsi to use TCP, it always set the Contact's
> port of its
> > Request to the port currently used to connect to the SIP server
> kamailio.
> > Everything works wells w even it's behind of Firewall/NAT.
> >
> > Thanks in advanced!
> >
> > Best Regards,
> > Laura
> >
> >
>
>

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#4

На 17.06.11 17:34, Emil Ivov написа:

На 17.06.11 17:05, laura testi написа:

The scenario is: A call B (audio call) with both TCP and TLS:
Everything works fine if A close the call: Jitsi sends the SIP BYE
message to the Outbound Proxy configured and the call is correctly
closed. BUT if B close the call, Jitsi sends the SIP BYE message to the
Kamailio SIP server that is behind the Outbound Proxy, instead of
to use the Outbound Proxy configured.

Oh that's weird .... we never ever send SIP messages to anyone else but
the outbound proxy. Could you please send some logs over?

Just tried logging in at our local voip server as emcho@google.com. My
SIP registrar was hence Google and our local asterisk was my SIP proxy.
I didn't have any problems registering, making calls or hanging up.

Cheers,

Emil

···

Thanks,
Emil

I think this could be a bug of jitsy.
Could you please fix it?
Thanks in advance,
laura

On Thu, Jun 16, 2011 at 4:30 PM, Damian Minkov <damencho@jitsi.org >> <mailto:damencho@jitsi.org>> wrote:

    Hi,

    a fix for the problem was just committed and will be available in next
    build (I believe it will be 3540). This was a problem we worked while
    ago and after sending a patch to jain-sip and after updating the
    library a simple comment was left by mistake that enables this fix.
    Thanks for the report and test next build is it ok with your
    Kamailio TLS setup.

    Thanks
    damencho

    On Thu, Jun 16, 2011 at 5:03 PM, laura testi <lau.testi@gmail.com >> <mailto:lau.testi@gmail.com>> wrote:
    > Hi,
    > currently I am testing the Jitsi sip client together with Kamailio SIP
    > server. The UDP and TCP works fine, but I have the problem to use
    TLS. In
    > TLS, when Jitsi send the SIP Request to SIP Server Kamailio, it
    always set
    > it's Contact's port to 5061 instead of the port which is being used to
    > connect to Kamailio. That causes the problem when Kamailio need to
    send the
    > message to Jitsi becuase it needs the Kamailio SIP server open a
    new TLS
    > connect as a SSL client to connect to the Jitsi (as SSL Server)
    and fails.
    > For some SIP message, this can be fixed by hacking in the
    configuration of
    > Kamailio to force the server to use the received port of Jistsi to
    delivery
    > the messages to Jitsi client, but it's not always ok. For example
    for the
    > ACK of the audio/video call. I think this could be a bug ofg
    Jitsi. Can you
    > fix it please?
    >
    > While I configure Jitsi to use TCP, it always set the Contact's
    port of its
    > Request to the port currently used to connect to the SIP server
    kamailio.
    > Everything works wells w even it's behind of Firewall/NAT.
    >
    > Thanks in advanced!
    >
    > Best Regards,
    > Laura
    >
    >

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#5

На 17.06.11 23:16, Emil Ivov написа:

На 17.06.11 17:34, Emil Ivov написа:

На 17.06.11 17:05, laura testi написа:

The scenario is: A call B (audio call) with both TCP and TLS:
Everything works fine if A close the call: Jitsi sends the SIP BYE
message to the Outbound Proxy configured and the call is correctly
closed. BUT if B close the call, Jitsi sends the SIP BYE message to the
Kamailio SIP server that is behind the Outbound Proxy, instead of
to use the Outbound Proxy configured.

Oh that's weird .... we never ever send SIP messages to anyone else but
the outbound proxy. Could you please send some logs over?

Just tried logging in at our local voip server as emcho@google.com. My
SIP registrar was hence Google and our local asterisk was my SIP proxy.
I didn't have any problems registering, making calls or hanging up.

Oops hit send too quickly. I also meant to ask: could you please check
that the outbound proxy at Alice is indeed set to 10.10.5.209 ?

Emil

···

Cheers,

Emil

Thanks,
Emil

I think this could be a bug of jitsy.
Could you please fix it?
Thanks in advance,
laura

On Thu, Jun 16, 2011 at 4:30 PM, Damian Minkov <damencho@jitsi.org >>> <mailto:damencho@jitsi.org>> wrote:

    Hi,

    a fix for the problem was just committed and will be available in next
    build (I believe it will be 3540). This was a problem we worked while
    ago and after sending a patch to jain-sip and after updating the
    library a simple comment was left by mistake that enables this fix.
    Thanks for the report and test next build is it ok with your
    Kamailio TLS setup.

    Thanks
    damencho

    On Thu, Jun 16, 2011 at 5:03 PM, laura testi <lau.testi@gmail.com >>> <mailto:lau.testi@gmail.com>> wrote:
    > Hi,
    > currently I am testing the Jitsi sip client together with Kamailio SIP
    > server. The UDP and TCP works fine, but I have the problem to use
    TLS. In
    > TLS, when Jitsi send the SIP Request to SIP Server Kamailio, it
    always set
    > it's Contact's port to 5061 instead of the port which is being used to
    > connect to Kamailio. That causes the problem when Kamailio need to
    send the
    > message to Jitsi becuase it needs the Kamailio SIP server open a
    new TLS
    > connect as a SSL client to connect to the Jitsi (as SSL Server)
    and fails.
    > For some SIP message, this can be fixed by hacking in the
    configuration of
    > Kamailio to force the server to use the received port of Jistsi to
    delivery
    > the messages to Jitsi client, but it's not always ok. For example
    for the
    > ACK of the audio/video call. I think this could be a bug ofg
    Jitsi. Can you
    > fix it please?
    >
    > While I configure Jitsi to use TCP, it always set the Contact's
    port of its
    > Request to the port currently used to connect to the SIP server
    kamailio.
    > Everything works wells w even it's behind of Firewall/NAT.
    >
    > Thanks in advanced!
    >
    > Best Regards,
    > Laura
    >
    >

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#6

yes, the outbound proxy are set correctly to 10.10.5.209 for all clients. In
fact all messages sent by Jitsi go through the outbound proxy except the BYE
message from called party.

···

On Fri, Jun 17, 2011 at 11:21 PM, Emil Ivov <emcho@jitsi.org> wrote:

На 17.06.11 23:16, Emil Ivov написа:
>
>
> На 17.06.11 17:34, Emil Ivov написа:
>> На 17.06.11 17:05, laura testi написа:
>>> The scenario is: A call B (audio call) with both TCP and TLS:
>>> Everything works fine if A close the call: Jitsi sends the SIP BYE
>>> message to the Outbound Proxy configured and the call is correctly
>>> closed. BUT if B close the call, Jitsi sends the SIP BYE message to the
>>> Kamailio SIP server that is behind the Outbound Proxy, instead of
>>> to use the Outbound Proxy configured.
>>
>> Oh that's weird .... we never ever send SIP messages to anyone else but
>> the outbound proxy. Could you please send some logs over?
>
> Just tried logging in at our local voip server as emcho@google.com. My
> SIP registrar was hence Google and our local asterisk was my SIP proxy.
> I didn't have any problems registering, making calls or hanging up.

Oops hit send too quickly. I also meant to ask: could you please check
that the outbound proxy at Alice is indeed set to 10.10.5.209 ?

Emil
>
> Cheers,
>
> Emil
>>
>> Thanks,
>> Emil
>>
>>>
>>> I think this could be a bug of jitsy.
>>> Could you please fix it?
>>> Thanks in advance,
>>> laura
>>>
>>> On Thu, Jun 16, 2011 at 4:30 PM, Damian Minkov <damencho@jitsi.org > >>> <mailto:damencho@jitsi.org>> wrote:
>>>
>>> Hi,
>>>
>>> a fix for the problem was just committed and will be available in
next
>>> build (I believe it will be 3540). This was a problem we worked
while
>>> ago and after sending a patch to jain-sip and after updating the
>>> library a simple comment was left by mistake that enables this fix.
>>> Thanks for the report and test next build is it ok with your
>>> Kamailio TLS setup.
>>>
>>> Thanks
>>> damencho
>>>
>>> On Thu, Jun 16, 2011 at 5:03 PM, laura testi <lau.testi@gmail.com > >>> <mailto:lau.testi@gmail.com>> wrote:
>>> > Hi,
>>> > currently I am testing the Jitsi sip client together with
Kamailio SIP
>>> > server. The UDP and TCP works fine, but I have the problem to use
>>> TLS. In
>>> > TLS, when Jitsi send the SIP Request to SIP Server Kamailio, it
>>> always set
>>> > it's Contact's port to 5061 instead of the port which is being
used to
>>> > connect to Kamailio. That causes the problem when Kamailio need
to
>>> send the
>>> > message to Jitsi becuase it needs the Kamailio SIP server open a
>>> new TLS
>>> > connect as a SSL client to connect to the Jitsi (as SSL Server)
>>> and fails.
>>> > For some SIP message, this can be fixed by hacking in the
>>> configuration of
>>> > Kamailio to force the server to use the received port of Jistsi
to
>>> delivery
>>> > the messages to Jitsi client, but it's not always ok. For example
>>> for the
>>> > ACK of the audio/video call. I think this could be a bug ofg
>>> Jitsi. Can you
>>> > fix it please?
>>> >
>>> > While I configure Jitsi to use TCP, it always set the Contact's
>>> port of its
>>> > Request to the port currently used to connect to the SIP server
>>> kamailio.
>>> > Everything works wells w even it's behind of Firewall/NAT.
>>> >
>>> > Thanks in advanced!
>>> >
>>> > Best Regards,
>>> > Laura
>>> >
>>> >
>>>
>>>
>>
>

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31