<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Matt,<br>
<br>
When doing SIP routing, all the decisions (where and how to route)
must be done only for the initial requests, for the requests
creating a SIP session/dialog. <br>
The sequential requests (inside en existing dialog) are
automatically routed based on the Route headers, so, from script
level, you should not do anything more than "loose_route() +
t_relay()" .<br>
<br>
This approach is valid for all the OpenSIPS versions.<br>
<br>
See the webinar "Routing in SIP" :<br>
<a class="moz-txt-link-freetext" href="http://www.opensips.org/Documentation/Webinars#toc12">http://www.opensips.org/Documentation/Webinars#toc12</a><br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 06.09.2015 05:14, Matt Hamilton
wrote:<br>
</div>
<blockquote
cite="mid:DM3PR1201MB11180C506E7EE406E7187774B3550@DM3PR1201MB1118.namprd12.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<div style="color: rgb(0, 0, 0);"><br>
<div>
<div id="divtagdefaultwrapper" style="font-size:12pt;
color:#000000; background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi Bogdan,</p>
<p><br>
</p>
<p>We have been using force_send_socket before calling
t_relay to manually set the outbound interface (out of a
couple of interfaces), so it was done for all the
messages (not only for initial INVITE). Not sure if this
was the right way to do it, but it has worked in 1.7.1.
When we decided to use TLS recently, we also decided to
to upgrade to 1.11. In our script, force_send_socket is
called without explicitly specifying the port and proto.
When those are not specified, in 1.7.1, messages marked
with tls are sent encrypted, whereas in 1.11 they are
sent unencrypted (which the phones didn't like).</p>
<p><br>
</p>
<p>Anyway, passing the port and proto to force_send_socket
took care of it. The more interesting thing we noticed
is that the system also worked when we remove the
force_send_sockets from the script completely. We will
do more tests, and try to remember why the
force_send_sockets were put in the script in the first
place.</p>
<p><br>
</p>
<p>Matt<br>
</p>
<br>
<br>
<div style="color:rgb(0,0,0)">
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" color="#000000"
face="Calibri, sans-serif"><b>From:</b>
Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Friday, September 4, 2015 11:56 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:users@lists.opensips.org">users@lists.opensips.org</a>;
<a class="moz-txt-link-abbreviated" href="mailto:mistral9999@hotmail.com">mistral9999@hotmail.com</a><br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS discrepancy
between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
You mean the force_send_socket() you do for the
initial INVITE ? or ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" title="Ctrl+Click or tap to follow the link" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 03.09.2015 17:19, Matt
Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper"
style="font-size:12pt; color:#000000;
background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p><br>
</p>
Hi Bogdan,<br>
<br>
This issue is seems to be related to
force_send_socket which behaves differently in
1.11 vs 1.7. To make it work, I had to explicitly
specify the port and and the proto (for
force_send_socket) based on "transport=tls"
statement and the direction of the traffic.<br>
<br>
Matt<br>
<br>
<br>
<div style="color:rgb(0,0,0)">
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" color="#000000"
face="Calibri, sans-serif"><b>From:</b>
Bogdan-Andrei Iancu
<a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Monday, August 31, 2015 4:19 PM<br>
<b>To:</b> OpenSIPS users mailling list;
Matt Hamilton<br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS
discrepancy between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Indeed, the SIP messages do look ok.<br>
<br>
Could you post the OpenSIPS logs (in debug
4) for processing the NOTIFY request ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" title="Ctrl+Click or tap to follow the link" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 31.08.2015
20:07, Matt Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper"
style="font-size:12pt; color:#000000;
background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi Bogdan,</p>
<p><br>
</p>
<p>Pastebin link is <a
moz-do-not-send="true"
id="LPlnk865729"
href="http://pastebin.com/tM7zqTKX">http://pastebin.com/tM7zqTKX</a></p>
<p><br>
</p>
<p>I included both 1.7.1 and 1.11
captures. I don't see a difference
between them other than 1.11 sending the
NOTIFY to UAC unencrypted. </p>
<p>Btw, INVITEs seems to be behaving the
same way as NOTIFY (don't have a capture
for those - I assume the issue is the
same).
</p>
<p><br>
</p>
<p>Btw, TLS works fine between Opensips
1.11 and the phone (OK messages, etc.
are encrypted). </p>
<p><br>
</p>
<p>Thanks,</p>
<p>Matt<br>
</p>
<p><br>
</p>
<div
id="LPBorder_GT_14410401972370.8445848218100495"
style="margin-top:20px;
margin-bottom:20px; overflow:auto;
width:100%">
<table
id="LPContainer_14410401972340.5586958453477071"
style="border-top:1px solid
rgb(204,204,204); border-bottom:1px
solid rgb(204,204,204); width:80%;
background-color:rgb(255,255,255);
overflow:auto">
<tbody>
<tr valign="top">
<td colspan="1"
id="ImageCell_14410401972350.25229675325672773"
style="width:140px;
display:table-cell; padding:0px">
<div
id="LPImageContainer_14410401972350.22776678362093794"
style="margin-top:12px;
background-color:rgb(255,255,255);
height:auto; width:140px;
display:table">
<a moz-do-not-send="true"
target="_blank"
href="http://pastebin.com/tM7zqTKX"
id="LPImageAnchor_14410401972360.9279506207725204"
style="display:table-cell;
text-align:center"><img
moz-do-not-send="true"
style="display:inline-block;
margin-left:auto;
margin-right:auto;
max-width:140px;
max-height:140px;
height:140px; width:140px;
border-width:0px"
src="http://pastebin.com/i/fb2.jpg"
height="140" width="140"></a></div>
</td>
<td>
<div
id="LPTitle_14410401972370.6280544602592454"
style="">Opensips TLS -
Pastebin.com</div>
<div
id="LPUrlContainer_14410401972370.2557659588497925"
style="margin:8px 14px 10px;
height:18px;
text-overflow:ellipsis;
overflow:hidden;
white-space:nowrap">
<a moz-do-not-send="true"
target="_blank"
href="http://pastebin.com/tM7zqTKX"
id="LPUrlAnchor_14410401972370.691789212973732" style="">Read more...</a></div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<div style="color:rgb(0,0,0)">
<hr tabindex="-1"
style="display:inline-block;
width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt"
color="#000000" face="Calibri,
sans-serif"><b>From:</b>
Bogdan-Andrei Iancu
<a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Monday, August 31, 2015
5:21 AM<br>
<b>To:</b> OpenSIPS users mailling
list; <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:mistral9999@hotmail.com">
mistral9999@hotmail.com</a><br>
<b>Subject:</b> Re: [OpenSIPS-Users]
TLS discrepancy between 1.7.1 and
1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Can you post of pastebin (or
similar) the SIP capture showing the
incoming NOTIFY (via UDP) from
Asterisk and the outgoing NOTIFY
(supposedly via TLS) to UAC ?<br>
Also the SUBSCRIBE request going
from OpenSIPS to Asterisk will help
alot.<br>
<br>
Regards, <br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On
30.08.2015 18:22, Matt Hamilton
wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper"
style="font-size:12pt;
color:#000000;
background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p><br>
</p>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
We use Opensips (with TLS) as a
dispatcher to multiple Asterisk
servers. Currently we are in
the process of upgrading from
1.7.1 to 1.11.5, and we ran into
a discrepancy between 1.7.1 and
1.11.5 regarding SIP NOTIFY
messages.</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
Here is the flow (both ways):</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
UAC (TLS) -> Opensips
(UDP)-> Asterisk </div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<span style="font-size:12pt">Asterisk
</span><span
style="font-size:12pt"> (UDP)</span><span
style="font-size:12pt"> ->
Opensips (</span><span
style="font-size:12pt">TLS</span><span
style="font-size:12pt">)->
UAC</span></div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<span style="font-size:12pt"><br>
</span></div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
In 1.7.1, all messages between
Opensips and UAC were encrypted
- didn't matter if it was
originated at UAC or Asterisk.</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
In 1.11.5, the SIP NOTIFY
messages coming from Asterisk
are sent to UAC unencrypted (and
not accepted by UAC). Here is
the request that Opensips
receives and sends to the UAC in
plaintext:</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px;
margin-bottom:0px">
<br>
</div>
<div style="margin-top:0px;
margin-bottom:0px"><font
face="Calibri, Arial,
Helvetica, sans-serif">Request-Line:
NOTIFY
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:sip:101@1.2.3.4:5075;transport=tls;nat=yes">
sip:101@1.2.3.4:5075;transport=tls;nat=yes</a> SIP/2.0</font><br>
</div>
<div style="margin-top:0px;
margin-bottom:0px"><font
face="Calibri, Arial,
Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px;
margin-bottom:0px"><font
face="Calibri, Arial,
Helvetica, sans-serif">Anything
we can do to have that leg
encrypted as well?</font></div>
<div style="margin-top:0px;
margin-bottom:0px"><font
face="Calibri, Arial,
Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px;
margin-bottom:0px"><font
face="Calibri, Arial,
Helvetica, sans-serif">Thanks,</font></div>
<div style="margin-top:0px;
margin-bottom:0px"><font
face="Calibri, Arial,
Helvetica, sans-serif">Matt</font></div>
<div><font face="Calibri, Arial,
Helvetica, sans-serif"><br>
</font></div>
</div>
<br>
<fieldset
class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>