200 OK from REGISTER not relayed by PCSCF?

[rtorresg90]

Hello herlesupreeth,

I'm trying to do a VoLTE setup using a Google Pixel, Baicells (eNodeB), Open5gs (EPC) and Kamailio (IMS on branch 5.3). I'm currently having a successful registration flow on the IMS side: REGISTER -> 401 -> REGISTER -> 200 OK.

The PCSCF is successfully processing the 200 OK and the last function executed is "ipsec_forward("location")". Here are the logs: kamailio-logs.txt

However I do not see the PCSCF relaying the 200 OK to the UE: pcscf-trace.zip

I do see GTP-ESP packets back and forth after the 200 OK but the phone isn't showing IMS registration and I'm unable to place calls. I can't tell if it's an issue on the PCSCF or IPSEC itself.

Let me know if you would be able to help, thank you! Ramon

[herlesupreeth]

Can you please take the trace on EPC + IMS all together as I cannot see the packet leaving P-CSCF in the trace you attached above??

[rtorresg90]

Absolutely! please find the IP setup in this txt doc: ip-setup.txt

Here are the traces: traces.zip

container1.pcap. It's captured locally in the "container 1" from ip-setup.txt and its listening to all the IP addresses under "container 1"

host.pcapng. It's captured locally in my computer. It listens to 192.168.0.156 (enodeb), 192.168.0.201 (sgwu) and 192.168.0.203 (docker forwards it to 172.17.0.2)

Update: I was able to decode the GTP-ESP packets (wireshark preferences -> protocols -> esp -> attempt to decod ESP payloads) and I see the 200 OKs are being sent on both container1.pcap and host.pcapng. I can't tell why the registration is not completing. I see TCP retransmissions but not sure if it's related:

[herlesupreeth]

You can see above that SIP REGISTER is replied with 200 OK. Following this Pixel 6A should have sent SIP SUBSCRIBE but rather its sending SIP REGISTER to de-register from IMS in the next packet (packet 232) and gets de-registered from IMS.

I would suggest to do try the following:

1. Put the phone in safe mode and once in safe mode restart normally and then try attaching the phone
2. If the above fails, I would suggest updating the phone to latest OS (Android 13 maybe), which should have fixed this issue

[rtorresg90]

Thank you for looking into this. I tried both 1. and 2. but it didn't work.

I am using a Sysmocom SIM and in order to enable VoLTE I had to do a little hack with the apps "Shizuku" and "Pixel IMS". Maybe that's the reason why it's not working.

What UEs would you recommend? I tried getting the OnePlus6 (as recommended in the Open5GS tutorial) but since it's an old phone it's really hard to find it unlocked.

[herlesupreeth]

Now that I recall you were using 999 70 PLMN right?? I would suggest to use 001 01 PLMN as most of the phones have VoLTE enabled by default and hopefully you may not have to use Shizuku for enabling VoLTE.

I am using a Sysmocom SIM and in order to enable VoLTE I had to do a little hack with the apps "Shizuku" and "Pixel IMS". Maybe that's the reason why it's not working.

Did you change any IMS/SIP related settings??

What UEs would you recommend? I tried getting the OnePlus6 (as recommended in the Open5GS tutorial) but since it's an old phone it's really hard to find it unlocked.

You could get an iPhone X or above, they have VoLTE enabled by default for 00101 PLMN and other PLMNs as well.

[rtorresg90]

Now that I recall you were using 999 70 PLMN right?? I would suggest to use 001 01 PLMN as most of the phones have VoLTE enabled by default and hopefully you may not have to use Shizuku for enabling VoLTE.

I changed the network to use PLMN 00101 and I'm able to do an LTE attach (with roaming). The IMS issue looks the same, the Google Pixel 6a doesn't give me the VoLTE option so I have to do the hack, after enabling VoLTE I get the same issue where the phone de-registers. I tried the safe mode restart as well. Do I also need to change the SIM card IMSI to match the PLMN 00101? If so what's the process for it?

Did you change any IMS/SIP related settings??

I didn't change any other IMS/SIP settings, just the "enable VoLTE" toggle. I also tried resetting the network settings to defaults

You could get an iPhone X or above, they have VoLTE enabled by default for 00101 PLMN and other PLMNs as well.

I also have an iphone 11 but for some reason it doesn't detect the 00101 network, it did detect the 99970 network (it took a while) but there weren't any S1AP packets coming from the enodeB. Do you know of any other UE model that should work on this setup?

[herlesupreeth]

Do I also need to change the SIM card IMSI to match the PLMN 00101? If so what's the process for it?

Yes, this is the important part :) . In order to do so you would need pysim software and a SIM card reader. Then, you could say for example use the below command as reference to re-program your SIM

./pySim-prog.py -p 0 -x 001 -y 01 -s <SIM_ICCID> -i 001011234567898 -k 8baf473f2f8fd09487cccbd7097c6862 --op 11111111111111111111111111111111 -o 8E27B6AF0E692E750F32667A3B14605D -a <ADM_PIN> --msisdn 0898765432100 --pcscf pcscf.ims.mnc001.mcc001.3gppnetwork.org --ims-hdomain ims.mnc001.mcc001.3gppnetwork.org --impi 001011234567898@ims.mnc001.mcc001.3gppnetwork.org --impu sip:001011234567898@ims.mnc001.mcc001.3gppnetwork.org

VoLTE on Roaming is usually disabled on phones.

Do you know of any other UE model that should work on this setup?

I have verified VoLTE working on iPhone 11, iPhone 13 Pro, Xiaomi A2 Lite (again an old phone), Samsung Tab 6 lite (I wouldnt recommend Samsung devices), Pixel 6a for 001 01 PLMN.

I also have an iphone 11 but for some reason it doesn't detect the 00101 network, it did detect the 99970 network (it took a while)

If you are using a SDR based eNB then having an external GPS clock definitely helps in this regard. If its an commercial eNB e.g. Baicells eNB then connecting the provided GPS antenna also helps.

[rtorresg90]

I was able to figure out the issue yesterday using PLMN 99970, it was a little silly. I realized the SIM card itself doesn't have a phone number so I just had to add a MSISDN in the Open5GS UI (I'm using open5gs for both epc and ims).

Thank you for your help. Would you mind if I keep this open for a few days? I'm now gonna connect the SCSCF to a SIP trunking service and make some phone calls.

[herlesupreeth]

I was able to figure out the issue yesterday using PLMN 99970, it was a little silly. I realized the SIM card itself doesn't have a phone number so I just had to add a MSISDN in the Open5GS UI (I'm using open5gs for both epc and ims).

Ah, nice find. Without the MSISDN configured phone has no idea which IMPU to use for SUBSCRIBE hence no SUBSCRIBE :)

Thank you for your help. Would you mind if I keep this open for a few days? I'm now gonna connect the SCSCF to a SIP trunking service and make some phone calls.

Sure, no problem. I have not attempted connecting SIP trunk to S-CSCF so no idea whether it works or not.

[rtorresg90]

Hi Herlesupreeth,

I was able to make phone calls from UE to the SIP trunk work. There were a few changes I had to make:

• SIP trunk service was rejecting all requests until I removed the Require headers that contained sec-agree
• UE canceled the call whenever it received a SIP response with media parameters. I had to remove "rtcp" and "mid" media attributes from SIP responses 183 and 200.

I'm closing this issue, thanks!

[herlesupreeth]

Hey,

Thanks for sharing valuable information. Quite strange that sec-agree was added even though P-CSCF was talking with a SIP trunk.

UE canceled the call whenever it received a SIP response with media parameters. I had to remove "rtcp" and "mid" media attributes from SIP responses 183 and 200.

Ah, I see. Typically this SDP manipulation is done by another element in IMS (not sure maybe BGCF).

[rtorresg90]

I did all the SIP request and SIP response manipulation on the S-CSCF side, maybe not ideal but I was doing it for a proof of concept.

This is the flow I was doing: UE -> enodeB -> EPC -> PCSCF -> ICSCF -> SCSCF -> SIP trunk -> PTN -> Cell Phone