Errors when attempting 3GPP Early IMS Security with latest version of Boghe
97 views
Skip to first unread message
Rob Dover
Jan 21, 2014, 1:18:34 PM1/21/14
to doub...@googlegroups.com
Hi there,
I've been trying to use the shiny new 3GPP Early IMS Security feature on Boghe but have been running into some issues. Was wondering if there's an easy work around.
The situation:
- Using Boghe v2.0.186.1013 on Windows 7.
- Configured Boghe to use IPSec (MD5, DES-EDE3, Trans, ESP) and ticked the Enable 3GPP Early IMS Security option.
- Attempted to set up an IPSec connection to my P-CSCF by Signing In.
- Found that the REGISTER sent by the client did not contain the expected Security-Client header mandated by RFC 3329 and consequently no IPSec connections were created.
I had a look in the logging output and found the following errors in Boghe.log:
2014-01-21 17:41:52,338 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "_vista_createLocalSA()"
file: ".\plugin_win_ipsec_vista.c"
line: "340"
MSG: FwpmFilterAdd0 (inbound) failed with error code [5]
2014-01-21 17:41:52,338 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "tsip_ipsec_association_ctor()"
file: ".\src\transports\tsip_transport_ipsec.c"
line: "480"
MSG: Failed to set IPSec local info:172.18.41.109,10.23.42.10,50032,50031
2014-01-21 17:41:52,339 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "tsip_dialog_request_send()"
file: ".\src\dialogs\tsip_dialog.c"
line: "477"
MSG: Failed to find a valid default transport [2]
2014-01-21 17:41:52,339 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "tsip_transport_ipsec_updateMSG()"
file: ".\src\transports\tsip_transport_ipsec.c"
line: "257"
MSG: No IPSec association found.
So it looks as though there's a problem setting up the local SA and this causes the client to skip the Early IMS Security feature. Is this a known issue? Perhaps there is an extra setting somewhere I need to tweak? Any debugging expertise would be appreciated :).
I attach the full Boghe.log in case there's some extra details inside that are useful.
Cheers,
Rob
I've been trying to use the shiny new 3GPP Early IMS Security feature on Boghe but have been running into some issues. Was wondering if there's an easy work around.
The situation:
- Using Boghe v2.0.186.1013 on Windows 7.
- Configured Boghe to use IPSec (MD5, DES-EDE3, Trans, ESP) and ticked the Enable 3GPP Early IMS Security option.
- Attempted to set up an IPSec connection to my P-CSCF by Signing In.
- Found that the REGISTER sent by the client did not contain the expected Security-Client header mandated by RFC 3329 and consequently no IPSec connections were created.
I had a look in the logging output and found the following errors in Boghe.log:
2014-01-21 17:41:52,338 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "_vista_createLocalSA()"
file: ".\plugin_win_ipsec_vista.c"
line: "340"
MSG: FwpmFilterAdd0 (inbound) failed with error code [5]
2014-01-21 17:41:52,338 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "tsip_ipsec_association_ctor()"
file: ".\src\transports\tsip_transport_ipsec.c"
line: "480"
MSG: Failed to set IPSec local info:172.18.41.109,10.23.42.10,50032,50031
2014-01-21 17:41:52,339 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "tsip_dialog_request_send()"
file: ".\src\dialogs\tsip_dialog.c"
line: "477"
MSG: Failed to find a valid default transport [2]
2014-01-21 17:41:52,339 ERROR [1] BogheCore.Services.Impl.SipService:0 - ***ERROR: function: "tsip_transport_ipsec_updateMSG()"
file: ".\src\transports\tsip_transport_ipsec.c"
line: "257"
MSG: No IPSec association found.
So it looks as though there's a problem setting up the local SA and this causes the client to skip the Early IMS Security feature. Is this a known issue? Perhaps there is an extra setting somewhere I need to tweak? Any debugging expertise would be appreciated :).
I attach the full Boghe.log in case there's some extra details inside that are useful.
Cheers,
Rob
Mamadou
Jan 21, 2014, 1:24:21 PM1/21/14
to doub...@googlegroups.com
Early IMS means don't use IPSec or any
IMS security mechanism. Enabling Early IMS and trying to use IPSec
doesn't make sense.
For the error code=5, check http://doubango.org/IPSec/__page__main__f_a_q.html#_Anchor_TIPSec_FAQ_Error5
For the error code=5, check http://doubango.org/IPSec/__page__main__f_a_q.html#_Anchor_TIPSec_FAQ_Error5
--
You received this message because you are subscribed to the Google Groups "discuss-doubango" group.
To unsubscribe from this group and stop receiving emails from it, send an email to doubango+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Mamadou DIOP - Technology Evangelist
Doubango Telecom - Paris, France
http://www.doubango.org
Click here to call me!
Mamadou DIOP - Technology Evangelist
Doubango Telecom - Paris, France
http://www.doubango.org
Click here to call me!
Rob Dover
Jan 21, 2014, 1:47:25 PM1/21/14
to doub...@googlegroups.com
Hi Mamadou,
Thanks for the quick response. That does indeed resolve my issue :). I'll take a spin through the tiny* FAQ sections next time, I guess.
Cheers,
Rob
Thanks for the quick response. That does indeed resolve my issue :). I'll take a spin through the tiny* FAQ sections next time, I guess.
Cheers,
Rob
Reply all
Reply to author
Forward
0 new messages