Closed mmonka closed 2 years ago
herlesupreeth
commented
2 years ago It could be that SQN is out of snyc and Nonce value is not liked by the UE. Can you capture once again the scenario on 'any' interface? Also, check whether the IPSec listen address is IPv6 or IPv4
mmonka
commented
2 years ago Checked IP Addresses Setup etc. Looks good. I created "rvi0 Interface" on MacOS and traced the communication between UE and PCSCF directly on UE. I see "REGISTER", "Trying" and "401". So for my understanding, first Register attempt looks good. Now, i think i have to follow your track with the SQN/nonce. Any idea where to start? In all examples i read, kamailio is used with FHoSS/OpenHSS? Might it be a problem using open5gs-hss? Kamailio S-CSCF is configured for REG_AUTH_DEFAULT_ALG to use "HSS-Selected".
herlesupreeth
commented
2 years ago Now, i think i have to follow your track with the SQN/nonce. Any idea where to start?
In order to verify this, its a bit tedious process. For this you would need osmo-sim-auth tool which run authentication algorithm against SIM card in SIM card reader. Nonce is the value received in 401 message.
In all examples i read, kamailio is used with FHoSS/OpenHSS? Might it be a problem using open5gs-hss?
Rather its the opposite, I belive if you are using open5gs-hss then you can safely ignore the SQN mismatch issue.
I would suggest to do the following, on the machine running P-CSCF run the below commands and send me the trace + output of the following commands
sudo ip x s l
sudo ip x p lAlso, check whether P-CSCF kamailio process is having sudo privileges as its requried to create ipsec connections.
mmonka
commented
2 years ago Hi,
thanks for your help. Find the requested information attached.
Will also dig deeper into the ipsec configuration/tracing.
ipxpl.txt ipxsl.txt register_iphone_coreside.pcapng.gz register_iphone_ueside.pcapng.gz .
herlesupreeth
commented
2 years ago I doubt you are using the config files in this repository. Because there was fix for IPSec applied in this commit - https://github.com/herlesupreeth/Kamailio_IMS_Config/commit/1a526efcc4d56cbbbccd585e3c2bc44a6b6157be which is missing or not working in kamailio 5.5.4
mmonka
commented
2 years ago will check, but changing the ipsec_spi_id_start solves the problem.
Thank you very much.
mmonka
commented
2 years ago Found the mistake: i started with using the Configs from kamailio repository located in "misc/examples/ims".
Hi,
i installed srsENB + open5GS + kamailio IMS Stack. My iPhone can attach to apn "internet" + "ims" successfully. P-CSCF Address is configured in smfd and my iPhone sends REGISTER Request to P-CSCF (IPv6). Kamailio forwards the messages towards I-CSCF(IPv4)/S-CSCF(IPv4) and communication with open5gs HSS(IPv4) looks good on both. Unauthorized messages is transported back to UE. Security-Client and Security-Server have a matching Object.
But after that, I do not see any ESP Messages from UE.
Anyone have an idea where to look now
Kamailio 5.5.4 register.pcapng.gz ?