herlesupreeth/Kamailio_IMS_Config

SIP REQUESTS over IPsec from PCSCF to UE has incorrect Sent-by port in first VIA

riccardv opened this issue · 2 comments

Hi @herlesupreeth ,

As 3GPP TS 24.229 reports, the "Sent-by port" in first VIA for SIP REQUEST using IPsec must use the protected server port, meanwhile kamailio use the source port of the request, that is the client port.
Look for example the follow pcap: https://open5gs.org/open5gs/assets/pcapng/ipsec_to_ipsec_call.pcapng
The requests from UE correctly report the user protected server port in the first VIA, instead the requests coming from Kamailio PCSCF report the incorrect proxy protected client port in the first VIA.

This behavior is critical in the case when the TCP connection is closed during a server transaction (for instance a INVITE server transaction when ringing phase is very long). So the MT UE try to re-establish the TCP connection for sending the 200OK, but as RFC3261, the TCP connection attempt use as destination port the sent-by via port that is the client port of the proxy, so the connection fails.

Is there an easy way to correct this problem on kamailio? Or any idea for solve it?

Thanks

@riccardv thats a quite old pcap and there were many fixes after that so I would not take that pcap as a reference.

Also, in the pcap above, SIP REQUESTS are not originating at P-CSCF rather its been proxied from MO UE to MT UE so I dont think the Sent-by-Port of Via added by Kamailio P-CSCF is wrong (btw, its the last Via not the first Via added by P-CSCF)

Hi,
try by your self a UE to UE IPsec call and check the correctness of the top via header of requests from PCSCF...