Asterisk Kamailio Proxy

Hello,
I’m trying to put a Kamailio as proxy on front of my Asterisk server.

I got this issue: when I’m trying to call another endpoint, typically 1101 to 1102 (or reversed), all seems to be forwarded to Asterisk, however, even both endpoints are registered inside Asterisk (with pjsip), I got a reading of the audio file “pbx-invalid”, the endpoint seems to be configured as unavailable.

Did you have any idea of the problem encourted?

I will put all configuration here (anonymiized)

Aside from configuration, you also need to show an Asterisk console output of a call attempt as well as “pjsip show endpoints”

This is the extensions.conf file:

[globals]
INTERNAL_DIAL_OPT=,30

[Hints]
exten = _11XX,hint,PJSIP/${EXTEN}

[Dialing-Errors]
exten = _X.,1,Verbose(1, "User ${CALLERID(num)} dialed an invalid number.")
 same = n,Playback(pbx-invalid)
 same = n,Hangup()

[Internal-Setup]
exten = _X.,1,NoOp()
 same = n,Set(CDR_PROP(disable)=1)
 same = n,Goto(Internal-Main,${EXTEN},1)

[Internal-Main]
include = Hints
include = Dial-Users
include = Dialing-Errors

[Dial-Users]
exten = _11XX,1,Verbose(1, "User ${CALLERID(num)} dialed ${EXTEN}.")
 same = n,Set(SAC_DIALED_EXTEN=${EXTEN})
 same = n,Gotoif($[${DEVICE_STATE(PJSIP/${EXTEN})} = BUSY]?dialed-BUSY,1:)
 same = n,Dial(PJSIP/${EXTEN}${INTERNAL_DIAL_OPT})
 same = n,Goto(dialed-${DIALSTATUS},1)

exten = dialed-NOANSWER,1,NoOp()
 same = n,Voicemail(${SAC_DIALED_EXTEN}@example,u)
 same = n,Hangup()

exten = dialed-BUSY,1,NoOp()
 same = n,Voicemail(${SAC_DIALED_EXTEN}@example,b)
 same = n,Hangup()

exten = dialed-CHANUNAVAIL,1,NoOp()
 same = n,Playback(pbx-invalid)
 same = n,Hangup()

exten = _dialed-.,1,Goto(dialed-NOANSWER,1)
exten = h,1,Hangup()

exten = o,1,Goto(1111)

[Local]
include = Internal-Setup

In the pjsip.conf:

;================================ ENDPOINT TEMPLATES ==
[endpoint-internal](!)
type = endpoint
context = Local
;disallow = all
allow = !all,alaw,ulaw,h264
direct_media = no
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
trust_id_outbound = yes
device_state_busy_at = 1
dtmf_mode = info
media_use_received_transport = yes

[auth-userpass](!)
type = auth
auth_type = userpass

[aor-single-reg](!)
type = aor
max_contacts = 1
qualify_frequency = 60

[1101](endpoint-internal)
auth = 1101
aors = 1101
callerid = PC <1101>

[1101](auth-userpass)
password = ****
username = 1101

[1101](aor-single-reg)

[1102](endpoint-internal)
auth = 1102
aors = 1102
callerid = MOBILE <1102>

[1102](auth-userpass)
password = ****
username = 1102

[1102](aor-single-reg)

For Kamailio:

# Minimal configuration
# Load modules
loadmodule "tm.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "textops.so"
loadmodule "rtpproxy.so"
loadmodule "dispatcher.so"
loadmodule "nathelper.so"

# Global parameters
cfgengine "native"
fork=yes
children=4

log_facility=LOG_LOCAL1

# RTPProxy settings
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:22222")

# Dispatcher settings
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")

# Main request routing logic
route {
        # Max forward check
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483", "Too Many Hops");
                exit;
        }

        # Record routing for stateful processing
        record_route();

        # Load balance using dispatcher
        if (!ds_select_dst("1", "4")) {
                sl_send_reply("500", "No destination");
                exit;
        }

        # Engage RTPProxy for RTP traffic
        if (is_method("INVITE")) {
                rtpproxy_answer();
        } else if (is_method("BYE")) {
                #end_media_session();
                unforce_rtp_proxy();
        }

        # Forward the request
        t_relay();
}

The result of “pjsip show endpoints”:

Endpoint:  1101/1101                                            Not in use    0 of 1
     InAuth:  1101/1101
        Aor:  1101                                               1
      Contact:  1101/sip:1101@192.168.1.2:5060;x-ast-or 8c0483a009 Avail         0.844

 Endpoint:  1102/1102                                            Not in use    0 of 1
     InAuth:  1102/1102
        Aor:  1102                                               1
      Contact:  1102/sip:1102@192.168.1.2:5060;x-ast-or cee3a343cd Avail         0.644

No console output provided. Without that it is not possible to see what you are actually passing to Dial.

Hello,
Firstly, the logs from Asterisk during the registering of endpoints (first 1102, second 1101):

Connected to Asterisk 22.3.0 currently running on asterisk (pid = 26266)
    -- Added contact 'sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060' to AOR '1102' with expiration of 3600 seconds
[Apr 29 09:08:50] ERROR[60406]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  noendpoint:192.168.1.2: There were no auth ids available
  == Endpoint 1102 is now Reachable
    -- Contact 1102/sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060 is now Reachable.  RTT: 0.991 msec
    -- Removed contact 'sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060' from AOR '1102' due to request
  == Contact 1102/sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060 has been deleted
  == Endpoint 1102 is now Unreachable
[Apr 29 09:08:50] ERROR[60408]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  noendpoint:192.168.1.2: There were no auth ids available
  == Endpoint 1102 is now Reachable
    -- Contact 1102/sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060 is now Reachable.  RTT: 0.876 msec
    -- Added contact 'sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060' to AOR '1102' with expiration of 3600 seconds
    -- Removed contact 'sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060' from AOR '1102' due to request
    -- Added contact 'sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060' to AOR '1102' with expiration of 3600 seconds
  == Contact 1102/sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060 has been deleted
  == Endpoint 1102 is now Unreachable
[Apr 29 09:08:50] ERROR[60409]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  noendpoint:192.168.1.2: There were no auth ids available
  == Endpoint 1102 is now Reachable
    -- Contact 1102/sip:1102@192.168.1.2:5060;x-ast-orig-host=192.168.1.15:5060 is now Reachable.  RTT: 0.722 msec
    -- Removed contact 'sip:1101@192.168.1.2:5060;x-ast-orig-host=192.168.1.48:5054' from AOR '1101' due to request
  == Contact 1101/sip:1101@192.168.1.2:5060;x-ast-orig-host=192.168.1.48:5054 has been deleted
  == Endpoint 1101 is now Unreachable
    -- Added contact 'sip:1101@192.168.1.2:5060;x-ast-orig-host=192.168.1.48:5054' to AOR '1101' with expiration of 3598 seconds
[Apr 29 09:08:59] ERROR[57791]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  noendpoint:192.168.1.2: There were no auth ids available
  == Endpoint 1101 is now Reachable
    -- Contact 1101/sip:1101@192.168.1.2:5060;x-ast-orig-host=192.168.1.48:5054 is now Reachable.  RTT: 1.024 msec

And when I tried a call:

[Apr 29 09:14:50] ERROR[57791]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  noendpoint:192.168.1.2: There were no auth ids available
    -- Executing [1102@Local:1] NoOp("PJSIP/1101-00000000", "") in new stack
    -- Executing [1102@Local:2] Set("PJSIP/1101-00000000", "CDR_PROP(disable)=1") in new stack
    -- Executing [1102@Local:3] Goto("PJSIP/1101-00000000", "Internal-Main,1102,1") in new stack
    -- Goto (Internal-Main,1102,1)
    -- Executing [1102@Internal-Main:1] Verbose("PJSIP/1101-00000000", "1, "User 1101 dialed 1102."") in new stack
  "User 1101 dialed 1102."
    -- Executing [1102@Internal-Main:2] Set("PJSIP/1101-00000000", "SAC_DIALED_EXTEN=1102") in new stack
    -- Executing [1102@Internal-Main:3] GotoIf("PJSIP/1101-00000000", "0?dialed-BUSY,1:") in new stack
    -- Executing [1102@Internal-Main:4] Dial("PJSIP/1101-00000000", "PJSIP/1102,30") in new stack
    -- Called PJSIP/1102
[Apr 29 09:14:55] ERROR[57791]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  1102:192.168.1.2: There were no auth ids available
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [1102@Internal-Main:5] Goto("PJSIP/1101-00000000", "dialed-CHANUNAVAIL,1") in new stack
    -- Goto (Internal-Main,dialed-CHANUNAVAIL,1)
    -- Executing [dialed-CHANUNAVAIL@Internal-Main:1] NoOp("PJSIP/1101-00000000", "") in new stack
    -- Executing [dialed-CHANUNAVAIL@Internal-Main:2] Playback("PJSIP/1101-00000000", "pbx-invalid") in new stack
    -- <PJSIP/1101-00000000> Playing 'pbx-invalid.alaw' (language 'en')
[Apr 29 09:14:59] ERROR[57791]: res_pjsip_outbound_authenticator_digest.c:504 digest_create_request_with_auth:  noendpoint:192.168.1.2: There were no auth ids available
    -- Executing [dialed-CHANUNAVAIL@Internal-Main:3] Hangup("PJSIP/1101-00000000", "") in new stack
  == Spawn extension (Internal-Main, dialed-CHANUNAVAIL, 3) exited non-zero on 'PJSIP/1101-00000000'
    -- Executing [h@Internal-Main:1] Hangup("PJSIP/1101-00000000", "") in new stack
  == Spawn extension (Internal-Main, h, 1) exited non-zero on 'PJSIP/1101-00000000'

Are you registering THROUGH the proxy?

I put the trace of the “REGISTER” flow by using sngrep:

                                                               Call flow for cbc43bc912b84c0b8e2188c0fc019213 (Color by Request/Response)
                                                                                          │REGISTER sip:192.168.1.2 SIP/2.0
            192.168.1.48:5054           192.168.1.2:5060           192.168.1.2:5070│Via: SIP/2.0/UDP 192.168.1.48:5054;rport;branch=z9hG4bKPjadaad02f47614263b5a45320dd8b858f
          ──────────┬─────────          ──────────┬─────────          ──────────┬─────────│Max-Forwards: 70
  10:38:51.198766   │          REGISTER           │                             │         │From: <sip:1101@192.168.1.2>;tag=e978540d9af242d7bc28bb9600c39f10
        +0.000460   │ ──────────────────────────> │                             │         │To: <sip:1101@192.168.1.2>
  10:38:51.199226   │                             │          REGISTER           │         │Call-ID: cbc43bc912b84c0b8e2188c0fc019213
        +0.000318   │                             │ ──────────────────────────> │         │CSeq: 28553 REGISTER
  10:38:51.199544   │                             │      401 Unauthorized       │         │User-Agent: Jami Daemon 10.0.2 (Windows)
        +0.001397   │                             │ <────────────────────────── │         │Contact: <sip:1101@192.168.1.48:5054>
  10:38:51.200941   │      401 Unauthorized       │                             │         │Expires: 3598
        +0.005736   │ <────────────────────────── │                             │         │Allow: PRACK, SUBSCRIBE, NOTIFY, REFER, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, OPTIONS, MESSAGE, PUBLISH
  10:38:51.206677   │          REGISTER           │                             │         │Content-Length:  0
        +0.000825   │ ──────────────────────────> │                             │         │
  10:38:51.207502   │                             │          REGISTER           │         │
        +0.000620   │                             │ ──────────────────────────> │         │
  10:38:51.208122   │                             │           200 OK            │         │
        +0.000955   │                             │ <────────────────────────── │         │
  10:38:51.209077   │           200 OK            │                             │         │
                    │ <────────────────────────── │                             │         │

Same for the “OPTIONS” flow that come just after:

                                                             Call flow for 91302de3-b516-43a7-bcbe-6e59868d4782 (Color by Request/Response)
                                                            │OPTIONS sip:1101@192.168.1.2:5060 SIP/2.0
           192.168.1.2:5070           192.168.1.2:5060		│Via: SIP/2.0/UDP 192.168.1.2:5070;rport;branch=z9hG4bKPj6f99c276-b1b3-4ad0-a1ee-cf7ae6917887
          ──────────┬─────────          ──────────┬─────────│From: <sip:1101@192.168.1.2>;tag=6028a9d9-4193-47ad-9a19-9b98deba83cf
  10:38:51.208483   │           OPTIONS           │         │To: <sip:1101@192.168.1.2>
        +0.006295   │ ──────────────────────────> │         │Contact: <sip:1101@192.168.1.2:5070>
  10:38:51.214778   │           OPTIONS           │         │Call-ID: 91302de3-b516-43a7-bcbe-6e59868d4782
        +0.000320   │ <────────────────────────── │         │CSeq: 31846 OPTIONS
  10:38:51.215098   │      401 Unauthorized       │         │Max-Forwards: 70
        +0.000269   │ ──────────────────────────> │         │User-Agent: Asterisk PBX 22.3.0
  10:38:51.215367   │      401 Unauthorized       │         │Content-Length:  0
                    │ <────────────────────────── │         │

That doesn’t really answer my question because there is no key for what your IP addresses mean, but I’ll assume yes.

Your issue is your Kamailio configuration. I don’t have experience with that, but that’s where your issues are. It’s not configured to properly handle REGISTER requests going through, to have subsequent INVITEs or OPTIONs go back to the endpoint. Instead you’re just routing those back to Asterisk from what I can tell.

You could also possibly remove this, and stuff may go back to the endpoints directly instead of via the proxy. Though I don’t know if that would be what you want, and NAT handling probably wouldn’t work.

Thank’s, that one of the answer, and, I’m also not sure about possibilities with NAT…
I test it and will let you know about the solution.

Ok, I got a call that work from 1101 to 1102 (Jami PC) but not 1102 to 1101 (Jami Android).

Did you know if some standard samples or tutorials exists to put Kamailio as proxy for Asterisk ?

I known that it probably exists most of things but I don’t found any recent explains and samples…

It’s not something we provide and I’m not aware of any others, doesn’t mean they don’t exist but it is not something I keep track of.

Have a look here… asterisk:index [Asipto - SIP and VoIP Knowledge Base Site]

This will help you configure the register part.

@meightee, I tried to configure my environment like the tutorial you provide but, first, it was writen with chan_sip and sip.conf file, and I use pjproject (pjsip.conf), I adapted the file to update the auth_db part to use the newest Asterisk PJSIP database (mean ps_auths, and fields associated), also, Kamailio remove the usage of mi_fifo.so and mi_rpc.so libs to use jsonrpcs.so instead of.

But, when I active the a client, the register transaction work between the client and Kamailio, but after that, Kamailio try to authenticate the client to Asterisk and Asterisk respond with a 401.

By starting Kamailio with debug I saw “no credentials found for 1101” howevever, the database contains credentials for the endopints…

Did you know where I can found help to configure Kamailio ?

If any one has responses, I wiil be joyful about that.

Thanks