Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/5/19 9:32 PM, John Runyon wrote: On Fri, 5 Jul 2019 at 14:28, hw mailto:h...@gc-24.de>> wrote: I thought about that and checked the configuration I've been using to create the certificate, and I can't see anywhere that it would expire earlier than after 3650 days. Is there another way to check this? openssl verify -CAfile ca.crt server.crt openssl verify -CAfile ca.pem asterisk.pem asterisk.pem: OK When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers to the SIP provider and there is no error message). Otherwise I'm getting the error message and asterisk does not register. Reading the comments in sip.conf.sample, I would assume that asterisk can not verify the certificate of the SIP provider. Yet openssl s_client -connect secure.sip.easybell.de:5061 seems to verify the certificate just fine. Previous tests seemed to show the asterisk is trying to verify its own certificate instead, or as well. What exactly is asterisk trying to verify, and what fails the verification? Suspicious is this: [Jul 5 12:48:00] NOTICE[7015]: chan_sip.c:30416 sip_poke_noanswer: Peer 'aaa' is now UNREACHABLE! Last qualify: 55 == TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled == TLS/SSL certificate ok [Jul 5 12:48:08] ERROR[1482]: tcptls.c:173 handle_tcptls_connection: Certificate did not verify: unable to get local issuer certificate That's the point at which the certificate suddenly stopped working after the SIP provider became unreachable. Why? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/5/19 9:32 PM, John Runyon wrote: On Fri, 5 Jul 2019 at 14:28, hw mailto:h...@gc-24.de>> wrote: I thought about that and checked the configuration I've been using to create the certificate, and I can't see anywhere that it would expire earlier than after 3650 days. Is there another way to check this? openssl verify -CAfile ca.crt server.crt Which certificate is the one that can not be verified: the one I created or the one used by the SIP provider? How can I find out which certificate the error message is referring to? What is the error message? tcptls.c:173 handle_tcptls_connection: Certificate did not verify: unable to get local issuer certificate So the local issuer certificate must have somehow vanished after a few hours. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
On Fri, 5 Jul 2019 at 14:28, hw wrote: > I thought about that and checked the configuration I've been using to > create the certificate, and I can't see anywhere that it would expire > earlier than after 3650 days. Is there another way to check this? > openssl verify -CAfile ca.crt server.crt Which certificate is the one that can not be verified: the one I > created or the one used by the SIP provider? How can I find out > which certificate the error message is referring to? > What is the error message? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/5/19 9:22 PM, Steve Murphy wrote: hw-- I see this kind of behavior when the certificate expires... you've probably checked this, but sometimes we miss little details like that. I thought about that and checked the configuration I've been using to create the certificate, and I can't see anywhere that it would expire earlier than after 3650 days. Is there another way to check this? Which certificate is the one that can not be verified: the one I created or the one used by the SIP provider? How can I find out which certificate the error message is referring to? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
hw-- I see this kind of behavior when the certificate expires... you've probably checked this, but sometimes we miss little details like that. murf On Fri, Jul 5, 2019 at 1:14 PM hw wrote: > On 7/5/19 10:50 AM, Doug Lytle wrote: > > On 7/4/19 6:40 PM, hw wrote: > >> This has again, and for no reason, ceased to work again after > >> restarting asterisk. No matter what I try, I can't create a > >> certificate asterisk > >> would verify. > > > > Have you considered using LetsEncrypt for a valid certificate? > > > > Doug > > > > > > What would be the point in making this even more complicated? > > Today all of a sudden the certificate couldn't be verified anymore even > without restarting asterisk. How is it possible that a certificate > which was fine for 10 hours and 18 minutes suddenly can not be used > anymore? > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- Steve Murphy ParseTree Corporation 57 Lane 17 Cody, WY 82414 ✉ murf at parsetree dot com ☎ 307-899-0510 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/5/19 10:50 AM, Doug Lytle wrote: On 7/4/19 6:40 PM, hw wrote: This has again, and for no reason, ceased to work again after restarting asterisk. No matter what I try, I can't create a certificate asterisk would verify. Have you considered using LetsEncrypt for a valid certificate? Doug What would be the point in making this even more complicated? Today all of a sudden the certificate couldn't be verified anymore even without restarting asterisk. How is it possible that a certificate which was fine for 10 hours and 18 minutes suddenly can not be used anymore? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk and Linphone
My self-compiled Asterisk also shows that speex dependencies are not installed Speex Coder/Decoder Depends on: speex(E), speex_preprocess(E) Can use: speexdsp(E) You'll need to installed the dependencies and re-compile. Doug -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk and Linphone
On Friday 05 July 2019 at 16:33:56, Jerry Geis wrote: > I have no speex translation > core show translation paths speex > --- Translation paths SRC Codec "speex" sample rate 8000 --- > speex:8000 To slin:8000 : No Translation Path > Does not look good. no paths... Did something not get compiled ? I suspect you're right, but this is now beyond my expertise. I have an Asterisk 13.14.1 system here installed from Debian packages and I have the following: speex:8000 To amr:8000 : (speex@8000)->(slin@8000)->(amr@8000) speex:8000 To amrwb:16000 : (speex@8000)->(slin@8000)->(slin@16000)- >(amrwb@16000) speex:8000 To g723:8000 : No Translation Path speex:8000 To ulaw:8000 : (speex@8000)->(slin@8000)->(ulaw@8000) speex:8000 To alaw:8000 : (speex@8000)->(slin@8000)->(alaw@8000) speex:8000 To gsm:8000 : (speex@8000)->(slin@8000)->(gsm@8000) speex:8000 To g726:8000 : (speex@8000)->(slin@8000)->(g726@8000) speex:8000 To g726aal2:8000 : (speex@8000)->(slin@8000)->(g726aal2@8000) speex:8000 To adpcm:8000 : (speex@8000)->(slin@8000)->(adpcm@8000) speex:8000 To slin:8000 : (speex@8000)->(slin@8000) speex:8000 To slin:12000 : (speex@8000)->(slin@8000)->(slin@12000) speex:8000 To slin:16000 : (speex@8000)->(slin@8000)->(slin@16000) speex:8000 To slin:24000 : (speex@8000)->(slin@8000)->(slin@24000) speex:8000 To slin:32000 : (speex@8000)->(slin@8000)->(slin@32000) speex:8000 To slin:44100 : (speex@8000)->(slin@8000)->(slin@44100) speex:8000 To slin:48000 : (speex@8000)->(slin@8000)->(slin@48000) speex:8000 To slin:96000 : (speex@8000)->(slin@8000)->(slin@96000) speex:8000 To slin:192000 : (speex@8000)->(slin@8000)->(slin@192000) speex:8000 To lpc10:8000 : (speex@8000)->(slin@8000)->(lpc10@8000) speex:8000 To g729:8000 : No Translation Path speex:8000 To speex:16000 : (speex@8000)->(slin@8000)->(slin@16000)- >(speex@16000) speex:8000 To speex:32000 : (speex@8000)->(slin@8000)->(slin@32000)- >(speex@32000) speex:8000 To ilbc:8000 : No Translation Path speex:8000 To g722:16000 : (speex@8000)->(slin@8000)->(g722@16000) speex:8000 To siren7:16000 : No Translation Path speex:8000 To siren14:32000 : No Translation Path speex:8000 To testlaw:8000 : (speex@8000)->(slin@8000)->(testlaw@8000) speex:8000 To g719:48000 : No Translation Path speex:8000 To opus:48000 : No Translation Path speex:8000 To none:8000 : No Translation Path speex:8000 To silk:8000 : No Translation Path speex:8000 To silk:12000 : No Translation Path speex:8000 To silk:16000 : No Translation Path speex:8000 To silk:24000 : No Translation Path Antony. -- "There has always been an underlying argument that we should open up our source code more broadly. The fact is that we are learning from open source and we are opening our code more broadly through Shared Source. Is there value to providing source code? The answer is unequivocally yes." - Jason Matusow, head of Microsoft's Shared Source Program, in response to leaks of Windows source code on the Internet. Please reply to the list; please *don't* CC me. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk and Linphone
I have no speex translation ulaw alaw gsm g726 g726aal2 adpcm slin8 slin12 slin16 slin24 slin32 slin44 slin48 slin96 slin192 lpc10 ilbc g722 testlaw ulaw - 9150 15000 1500015000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 15000 alaw 9150 - 15000 1500015000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 15000 gsm 15000 15000 - 1500015000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 15000 g726 15000 15000 15000 -15000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 15000 g726aal2 15000 15000 15000 15000- 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 15000 adpcm 15000 15000 15000 1500015000 - 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 15000 slin8 6000 6000 6000 6000 6000 6000 - 8000 8000 8000 8000 8000 8000 80008000 6000 6000 82506000 slin12 14500 14500 14500 1450014500 14500 8500 - 8000 8000 8000 8000 8000 80008000 14500 14500 14000 14500 slin16 14500 14500 14500 1450014500 14500 8500 8500 - 8000 8000 8000 8000 80008000 14500 14500 6000 14500 slin24 14500 14500 14500 1450014500 14500 8500 8500 8500 - 8000 8000 8000 80008000 14500 14500 14500 14500 slin32 14500 14500 14500 1450014500 14500 8500 8500 8500 8500 - 8000 8000 80008000 14500 14500 14500 14500 slin44 14500 14500 14500 1450014500 14500 8500 8500 8500 8500 8500 - 8000 80008000 14500 14500 14500 14500 slin48 14500 14500 14500 1450014500 14500 8500 8500 8500 8500 8500 8500 - 80008000 14500 14500 14500 14500 slin96 14500 14500 14500 1450014500 14500 8500 8500 8500 8500 8500 8500 8500 -8000 14500 14500 14500 14500 slin192 14500 14500 14500 1450014500 14500 8500 8500 8500 8500 8500 8500 8500 8500 - 14500 14500 14500 14500 lpc10 15000 15000 15000 1500015000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 - 15000 17250 15000 ilbc 15000 15000 15000 1500015000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 - 17250 15000 g722 15600 15600 15600 1560015600 15600 9600 17500 9000 17000 17000 17000 17000 17000 17000 15600 15600 - 15600 testlaw 15000 15000 15000 1500015000 15000 9000 17000 17000 17000 17000 17000 17000 17000 17000 15000 15000 17250 - core show translation paths speex --- Translation paths SRC Codec "speex" sample rate 8000 --- speex:8000 To g723:8000 : No Translation Path speex:8000 To ulaw:8000 : No Translation Path speex:8000 To alaw:8000 : No Translation Path speex:8000 To gsm:8000: No Translation Path speex:8000 To g726:8000 : No Translation Path speex:8000 To g726aal2:8000 : No Translation Path speex:8000 To adpcm:8000 : No Translation Path speex:8000 To slin:8000 : No Translation Path speex:8000 To slin:12000 : No Translation Path speex:8000 To slin:16000 : No Translation Path speex:8000 To slin:24000 : No Translation Path speex:8000 To slin:32000 : No Translation Path speex:8000 To slin:44100 : No Translation Path speex:8000 To slin:48000 : No Translation Path speex:8000 To slin:96000 : No Translation Path speex:8000 To slin:192000 : No Translation Path speex:8000 To lpc10:8000 : No Translation Path speex:8000 To g729:8000 : No Translation Path speex:8000 To speex:16000 : No Translation Path speex:8000 To speex:32000 : No Translation Path speex:8000 To ilbc:8000 : No Translation Path speex:8000 To g722:16000 : No Translation Path speex:8000 To siren7:16000: No Translation Path speex:8000 To siren14:32000 : No Translation Path speex:8000 To testlaw:8000: No Translation Path speex:8000 To g719:48000 : No Translation Path speex:8000 To opus:48000 : No Translation Path speex:8000 To none:8000 : No Translation Path speex:8000 To silk:8000 : No Translation Path speex:8000 To silk:12000 : No Translation Path speex:8000 To silk:16000 : No Translation Path speex:8000 To silk:24000 : No Translation Path Does not look good. no paths... Did something not get compiled ? Jerry > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check
Re: [asterisk-users] Asterisk and Linphone
On Friday 05 July 2019 at 16:03:42, Jerry Geis wrote: > I think this is what your looking for: > [Jul 5 09:55:34] WARNING[19832]: channel.c:5751 set_format: Unable to find a > codec translation path: (speex) -> (speex32) Indeed, it was. > My linphone side only has speex@32K enabled. > > My extension definition has: > disallow=all > allow=speex > allow=speex16 > allow=speex32 > allow=g722 > allow=ulaw > allow=alaw > allow=gsm > > It looks like its the codec translation ? So then I enabled speex and > speex32 on Linphone Got past that - I presume it will use speex32 for > audio... You can always see which codec is in use by doing a SIPpacket capture and looking at the above negotiation exchange to see what got agreed on. > But then I am trying to place that call in a conference (confbridge) and I > get this error: > Unable to find a codec translation path: (slin) -> (speex) > so I think then it hangs up. Try "core show translation" on your Asterisk command line and check that the table has an entries in both directions for speex (left) to slin (top) and slin (left) to speex (top). The numbers tell you how many microseconds *your* server takes to transcode 1 second of audio between the two codecs. You can also try "core show translation paths speex" to get a list of the codecs which can and cannot be converted to, with a guide to the method used for trancoding that combination where possible. Antony. -- All matter in the Universe can be placed into one of two categories: 1. Things which need to be fixed. 2. Things which need to be fixed once you've had a few minutes to play with them. Please reply to the list; please *don't* CC me. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk and Linphone
I think this is what your looking for: Found RTP audio format 119 Found audio description format speex for ID 119 Capabilities: us - (speex|speex16|speex32|g722|ulaw|alaw|gsm), peer - audio=(speex32)/video=(nothing)/text=(nothing), combined - (speex32) Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x0 (nothing), combined - 0x0 (nothing) Peer audio RTP is at port 192.168.1.176:7078 [Jul 5 09:55:34] WARNING[19832]: channel.c:5751 set_format: Unable to find a codec translation path: (speex32) -> (speex) ^M^[[Kdevgeis*CLI> ^M^[[0K[Jul 5 09:55:34] WARNING[19832]: channel.c:5751 set_format: Unable to find a codec translation path: (speex) -> (speex32) My linphone side only has speex@32K enabled. My extension definition has: disallow=all allow=speex allow=speex16 allow=speex32 allow=g722 allow=ulaw allow=alaw allow=gsm It looks like its the codec translation ? So then I enabled speex and speex32 on Linphone Got past that - I presume it will use speex32 for audio... But then I am trying to place that call in a conference (confbridge) and I get this error: Unable to find a codec translation path: (slin) -> (speex) so I think then it hangs up. What do I do about that ? - thanks Jerry On Fri, Jul 5, 2019 at 8:22 AM Jerry Geis wrote: > Hi all - I am using asterisk 13.27.0 with Linphone. > I turned off all codes on linphone except the one I want to try. For > example: > opus and speex (so only one enabled at a time). > Then did this same on asterisk for the linphone extension. > disallow=all > allow=speex > > (for example). > > Then I place my call and the call fails. if I enable something like gsm, > ulaw, alaw the call works fine. Why does the call fail with opus and speex ? > Thanks, > > Jerry > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk and Linphone
On Friday 05 July 2019 at 14:22:22, Jerry Geis wrote: > Hi all - I am using asterisk 13.27.0 with Linphone. > I turned off all codes on linphone except the one I want to try. For > example: > opus and speex (so only one enabled at a time). > Then did this same on asterisk for the linphone extension. > disallow=all > allow=speex > > (for example). > > Then I place my call and the call fails. if I enable something like gsm, > ulaw, alaw the call works fine. Why does the call fail with opus and speex? Show us the SIP INVITE from Linphone and the response from Asterisk where they negotiate codecs - that should tell us why they disagree. Antony. -- The lottery is a tax for people who can't do maths. Please reply to the list; please *don't* CC me. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] shairport-sync and asterisk
Interesting... In asterisk 13 I edited alsa.conf for asterisk and commented out the noaudiocapture=true, and alsa loaded the alsa module. restarted asterisk. When I call into my dialplan and connect to Console/DSP I hear the audio that I am playing on Shairport-sync through pulseaudio - but it is VERY choppy or warbly... SO I have audio - just bad audio - how can "clear" that up ? Thanks, Jerry On Fri, Jul 5, 2019 at 8:45 AM Jerry Geis wrote: > Is there any way to get shairport-sync audio into asterisk ? > > Jerry > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] shairport-sync and asterisk
Is there any way to get shairport-sync audio into asterisk ? Jerry -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk and Linphone
Hi all - I am using asterisk 13.27.0 with Linphone. I turned off all codes on linphone except the one I want to try. For example: opus and speex (so only one enabled at a time). Then did this same on asterisk for the linphone extension. disallow=all allow=speex (for example). Then I place my call and the call fails. if I enable something like gsm, ulaw, alaw the call works fine. Why does the call fail with opus and speex ? Thanks, Jerry -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/4/19 6:40 PM, hw wrote: This has again, and for no reason, ceased to work again after restarting asterisk. No matter what I try, I can't create a certificate asterisk would verify. Have you considered using LetsEncrypt for a valid certificate? Doug -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
