Re: [asterisk-users] PJSIP and Grandstream Wave with TSL and SRTP
On Friday, January 24, 2020 6:25:48 PM CET Sean Bright wrote: > On 1/23/2020 6:04 PM, hw wrote: > >> This is what mine looks like which works just fine: > >> > >> [transport-tls] > >> type = transport > >> protocol = tls > >> method= tlsv1_2 > >> cipher= > >> ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES > >> 128 > >> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE- > >> RSA- AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > >> cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem > >> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem > > > > Thanks, it still says > > > > > > SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> > ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 > > I guess I should have been more clear before - with the above settings > TLS works for other phones, I hadn't tried with Wave. > > I downloaded Wave for iOS and played around a bit and stumbled on a > working configuration. Wave seems to only support TLS 1.0 which is > problematic itself but it is what it is. > > I set up Asterisk 16 on a VM in AWS to test which you can try as well if > you like: > > Domain: sip.seanbright.com > Username: asterisk > Password: asterisk > > Calls are SRTP if offered, and the number dialed just needs to be 1 or > more digits. This is the configuration I ended up with: > > [transport-tls] > type = transport > protocol = tls > method= tlsv1 > cert_file = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem > priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem > bind = 0.0.0.0:5061 > external_media_address = 52.91.86.158 > external_signaling_address = 52.91.86.158 Thanks a lot! I tried to register and it worked. It still doesn't work here with tlsv1. Then I noticed that you have priv_key_file set. I don't have that, and I don't remember which of the files that were created when I tried to create the key asterisk is using now is the private key. It seems I'll have to spend another day or so on all the horrible key creation stuff again. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Perl AGI: read variable with quotes
On Fri, 24 Jan 2020, Steve Edwards wrote:
2) How about doing 'GET FULL VARIABLE' in your Perl script?
Sorry. After a couple more cups of tea I think this was a bit vague.
Try whatever call/method in your library that does 'GET FULL VARIABLE' on
'${PJSIP_HEADER(read,P-Asserted-Identity)}' in your AGI.
--
Thanks in advance,
-
Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PJSIP and Grandstream Wave with TSL and SRTP
On 1/23/2020 6:04 PM, hw wrote: This is what mine looks like which works just fine: [transport-tls] type = transport protocol = tls method= tlsv1_2 cipher= ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem Thanks, it still says SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> len: 0 peer: 10.10.20.29:54937 I guess I should have been more clear before - with the above settings TLS works for other phones, I hadn't tried with Wave. I downloaded Wave for iOS and played around a bit and stumbled on a working configuration. Wave seems to only support TLS 1.0 which is problematic itself but it is what it is. I set up Asterisk 16 on a VM in AWS to test which you can try as well if you like: Domain: sip.seanbright.com Username: asterisk Password: asterisk Calls are SRTP if offered, and the number dialed just needs to be 1 or more digits. This is the configuration I ended up with: [transport-tls] type = transport protocol = tls method = tlsv1 cert_file = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem bind = 0.0.0.0:5061 external_media_address = 52.91.86.158 external_signaling_address = 52.91.86.158 Hope that helps, Sean -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Perl AGI: read variable with quotes
In article <20200124154749.46da5...@go.imp.ch>,
Benoit Panizzon wrote:
> Hi Gang
>
> I have stumbled of this problem.
>
> I need the P-Asserted-Identity header in an AGI scrip.
>
> In the Dial-Plan I do:
>
> same => n,Set(PAI=${PJSIP_HEADER(read,P-Asserted-Identity)})
>
> In the AGI I do:
>
> my $pai = $AGI->get_variable(PAI);
>
> This works fine, unless the PAI contains quotes:
>
> P-Asserted-Identity:
>
> I get "" in the variable $pai.
>
> P-Asserted-Identity: "John Doe"
>
> Is getting me $pai containing just "John".
>
> Anyone a clue how I could get the whole header?
First you need to identify whether the problem is in the Set()
or in the $AGI->get_variable(PAI) (shouldn't that be ("PAI")?)
Add a line to your dialplan just after the line you quoted:
same => n,NoOp(PAI=${PAI})
Then turn on verbose logging and try the call. Look at the logged
NoOp line and see if it contains just the 'John' or the whole value
'"John Doe" '
If it contains the whole value, then the problem is in the AGI library
reading the variable. If it just contains John, the problem is in the
Set() operation in the dialplan.
Cheers
Tony
--
Tony Mountifield
Work: t...@softins.co.uk - http://www.softins.co.uk
Play: t...@mountifield.org - http://tony.mountifield.org
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Perl AGI: read variable with quotes
On Fri, 24 Jan 2020, Benoit Panizzon wrote:
I have stumbled of this problem.
I need the P-Asserted-Identity header in an AGI scrip.
In the Dial-Plan I do:
same => n,Set(PAI=${PJSIP_HEADER(read,P-Asserted-Identity)})
In the AGI I do:
my $pai = $AGI->get_variable(PAI);
This works fine, unless the PAI contains quotes:
P-Asserted-Identity:
I get "" in the variable $pai.
P-Asserted-Identity: "John Doe"
Is getting me $pai containing just "John".
Anyone a clue how I could get the whole header?
1) Does the PAI channel variable contain the full header? Try 'verbose(PAI
= ${PAI})' or something similar.
2) How about doing 'GET FULL VARIABLE' in your Perl script? You can set
the channel variable PAI in the AGI if needed back in the dialplan.
--
Thanks in advance,
-
Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Perl AGI: read variable with quotes
Hi Gang
I have stumbled of this problem.
I need the P-Asserted-Identity header in an AGI scrip.
In the Dial-Plan I do:
same => n,Set(PAI=${PJSIP_HEADER(read,P-Asserted-Identity)})
In the AGI I do:
my $pai = $AGI->get_variable(PAI);
This works fine, unless the PAI contains quotes:
P-Asserted-Identity:
I get "" in the variable $pai.
P-Asserted-Identity: "John Doe"
Is getting me $pai containing just "John".
Anyone a clue how I could get the whole header?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G-Leiter Commerce Kunden
__
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 PrattelnFax +41 61 826 93 01
Schweiz Web http://www.imp.ch
__
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Example of ${CHANNEL(contact)} output ?
Hello,
My Asterisk 16.2 instance (Debian Buster package) has:
same = n,Verbose(0,CHANNEL is ${CHANNEL})
same = n,Verbose(0,CHANNEL(accountcode) is ${CHANNEL(accountcode)})
same = n,Verbose(0,CHANNEL(contact) is ${CHANNEL(contact)})
same = n,Verbose(0,CHANNEL(endpoint) is ${CHANNEL(endpoint)})
and prints:
CHANNEL is PJSIP/9150-0016
CHANNEL(accountcode) is GENERAL
CHANNEL(contact) is
CHANNEL(endpoint) is 9150
In my testing, ${CHANNEL(contact)} is always empty.
1. Can someone show me the output of a successful CHANNEL(contact) ?
2. Suppose Alice and Bob phones are both registered as extension 1000, what
is the most efficient way to remove Alice's contact from
${PJSIP_DIAL_CONTACTS(1000)} value if Alice ever dials 1000 (and hopes to
ring Bob's phone only) ?
Best regards
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
