Re: [asterisk-users] TLS and NAT

On 09.04.23 at 19:55 Steve Matzura wrote: Thanks, Michael. A few questions: Is [transport_name] a reserved word, or am I supposed to replace it with a name of my own, like '[did-transport]'? Yes. You are free. Some of the keywords I haven't seen before. Is ca_list_file supposed to be an

Re: [asterisk-users] TLS and NAT

Thanks, Michael. A few questions: Is [transport_name] a reserved word, or am I supposed to replace it with a name of my own, like '[did-transport]'? Some of the keywords I haven't seen before. Is ca_list_file supposed to be an aggregate of the public and private key? And what are the

Re: [asterisk-users] TLS and NAT

Hello Steve, use the following configuration for the transport and bind this transport to the trunk: [transport_name] type=transport protocol=tls bind=192.168.13.24 ; your bind IP ca_list_file=/etc/pki/tls/certs/ca-bundle.crt ; method=tlsv1_2 verify_server=yes allow_reload=no ;tos=0xb8 ;cos=3

[asterisk-users] TLS and NAT

I want to configure communication with my phone provider using TLS for all the obvious reasons. Since I'm behind a firewall, I'll be needing to do it with NAT. There are examples of UDP plus NAT in pjsip.conf, but none for TLS plus NAT. Would it be correct to set up the TLS transport stanza to

Re: [asterisk-users] TLS/SSL error loading cert file. [Almost SOLVED]

Hello, Le lun. 6 janv. 2020 à 19:01, Olivier a écrit : > May I add I could successfully (if pjsip show transports has any meaning) > add a PJSIP TLS-transport with: > > [transport-tls] > type=transport > protocol=tls > bind=0.0.0.0:5061 > cert_file=/etc/asterisk/keys/asterisk.crt >

Re: [asterisk-users] TLS/SSL error loading cert file.

On Monday 06 January 2020 at 19:01:09, Olivier wrote: > May I add I could successfully (if pjsip show transports has any meaning) > add a PJSIP TLS-transport with: > > [transport-tls] > type=transport > protocol=tls > bind=0.0.0.0:5061 > cert_file=/etc/asterisk/keys/asterisk.crt >

Re: [asterisk-users] TLS/SSL error loading cert file.

May I add I could successfully (if pjsip show transports has any meaning) add a PJSIP TLS-transport with: [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 cert_file=/etc/asterisk/keys/asterisk.crt priv_key_file=/etc/asterisk/keys/asterisk.key method=tlsv1 Le lun. 6 janv. 2020 à

Re: [asterisk-users] TLS/SSL error loading cert file.

On Monday 06 January 2020 at 18:33:39, Olivier wrote: > Hello, > > On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a > way to enable HTTPS. > # cat /etc/asterisk/http.conf > [general] > servername=Asterisk > enabled=yes > bindaddr=0.0.0.0 > bindport=8088 > tlsenable=yes >

[asterisk-users] TLS/SSL error loading cert file.

Hello, On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a way to enable HTTPS. Asterisk is running as asterisk:asterisk: asterisk 11097 0.3 6.7 741352 67984 ?Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general]

Re: [asterisk-users] TLS certificate warnings in softphone, but not until after successful registration and call placed ?

On Wed, Jan 4, 2017, at 10:29 AM, Patrick Laimbock wrote: > > Thank you for your feedback Joshua. Does "right now" mean that this will > be fixed in the (near) future? Should I file a Jira ticket? There is no issue that I can remember that is tracking this and I am aware of noone working on it.

Re: [asterisk-users] TLS certificate warnings in softphone, but not until after successful registration and call placed ?

On 03-01-17 19:06, Joshua Colp wrote: On Fri, Dec 30, 2016, at 05:04 AM, Kevin Long wrote: Hello, I am using asterisk 14.2 and PJSIP, with TLS transport. I’m sure I’m doing something wrong here .. In 2 distinct softphone clients (Bria and Groundwire), I am able to register successfully,

Re: [asterisk-users] TLS certificate warnings in softphone, but not until after successful registration and call placed ?

On Fri, Dec 30, 2016, at 05:04 AM, Kevin Long wrote: > > > Hello, > > I am using asterisk 14.2 and PJSIP, with TLS transport. > > I’m sure I’m doing something wrong here .. > > > In 2 distinct softphone clients (Bria and Groundwire), I am able to > register successfully, and place a SIP

[asterisk-users] TLS certificate warnings in softphone, but not until after successful registration and call placed ?

Hello, I am using asterisk 14.2 and PJSIP, with TLS transport. I’m sure I’m doing something wrong here .. In 2 distinct softphone clients (Bria and Groundwire), I am able to register successfully, and place a SIP call, with no certificate warnings. But shortly after I place that first

Re: [asterisk-users] TLS problem

On Fri, Aug 26, 2016 at 12:36:05PM +0200, hw wrote: > Jonathan H schrieb: > >Well, what immediately stands out is: > >"FILE * open failed!" > > Yes, and it doesn´t say which file cannot be opened. I even looked at > the source and found that at that point, you can´t simply add some > debugging

Re: [asterisk-users] TLS problem

Sorry, things got a bit behind. I was about to settle down and type something up, when I notice you mention SIP. Sorry, I've not used that - I'm only familiar with the current pjsip implementation on 13.10. Which looks like this: [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061

Re: [asterisk-users] TLS problem

Jonathan H schrieb: Well, what immediately stands out is: "FILE * open failed!" Yes, and it doesn´t say which file cannot be opened. I even looked at the source and found that at that point, you can´t simply add some debugging output to find out. Have you triple checked that the full

Re: [asterisk-users] TLS problem

Well, what immediately stands out is: "FILE * open failed!" Have you triple checked that the full filepath is correct and that the user that Asterisk is running as has full permissions to access your valid certificate file? I have it working with microsip and a free TLS cert from LetsEncrypt.

Re: [asterisk-users] TLS problem

hw schrieb: Hi, I´m trying to get TLS to work with asterisk and client phones, and all I´m getting from asterisk is [Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE * open failed! == Problem setting up ssl connection: error::lib(0):func(0):reason(0)

[asterisk-users] TLS problem

Hi, I´m trying to get TLS to work with asterisk and client phones, and all I´m getting from asterisk is [Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE * open failed! == Problem setting up ssl connection: error::lib(0):func(0):reason(0) [Aug 23

Re: [asterisk-users] tls on asterisk 13

I did using acrobits groundwire on asterisk 13.7.2 Had to add a statement in pjsip.endpointxxx I do not have it in mind but can look it up for you tomorrow. Sent from my iPhone > On Jul 8, 2015, at 9:05 PM, ricky gutierrez wrote: > > Hi list , I'm doing some tests with

Re: [asterisk-users] tls on asterisk 13

On Wed, 2015-07-08 at 15:09 -0400, Ryan, Travis wrote: > Asterisk13 can do native tls with each phone? Nice. Some soft phone support TLS, but does anybody knows a soft phone that support pkcs11? (keys & certs stored on a smart-card) Hans --

Re: [asterisk-users] tls on asterisk 13

2015-07-08 13:11 GMT-06:00 Joshua Colp jc...@digium.com: You probably want to add rewrite_contact=yes to your endpoint. This will cause it to reuse the existing connection established from the phone. Generally the port provided by the phone is not reachable. Hi Joshua , I add the option you

Re: [asterisk-users] tls on asterisk 13

2015-07-08 13:09 GMT-06:00 Ryan, Travis ry...@oscarwinski.com: Asterisk13 can do native tls with each phone? Nice. any example? rickygm http://gnuforever.homelinux.com -- _ -- Bandwidth and Colocation Provided by

Re: [asterisk-users] tls on asterisk 13

ricky gutierrez wrote: Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed to make it work, all my terminals spa Cisco 5XX look my cli [Jul 8 11:09:16] ERROR[14733]: pjsip:0?:tlsc0x7f539801 TLS connect() error: Connection refused [code=120111] [Jul 8 11:09:16]

[asterisk-users] tls on asterisk 13

Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed to make it work, all my terminals spa Cisco 5XX look my cli [Jul 8 11:09:16] ERROR[14733]: pjsip:0 ?:tlsc0x7f539801 TLS connect() error: Connection refused [code=120111] [Jul 8 11:09:16] WARNING[14733]: pjsip:0 ?:

Re: [asterisk-users] tls on asterisk 13

Discussion Subject: [asterisk-users] tls on asterisk 13 Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed to make it work, all my terminals spa Cisco 5XX look my cli [Jul 8 11:09:16] ERROR[14733]: pjsip:0 ?:tlsc0x7f539801 TLS connect() error: Connection refused [code=120111

[asterisk-users] tls forasterisk

hi, is there some tutorials on the you tube how to setup tls for asterisk and how to get ip phones register like thatwhat ip phones can support tls any way?Alex -- _ -- Bandwidth and Colocation Provided by

[asterisk-users] TLS not working in 11.16

Kindly guide with debugging TLS issue in asterisk 11.16. Compiled from source and works all ok ! Added the below to sip.conf tlsenable=yes tlsbindaddr=0.0.0.0:5061 However asterisk doesn't even listen to port 5061 sudo netstat -anp Kindly guide Thanks Best, Chirag A. --

[asterisk-users] TLS connect() error when calling udp to tls

Stuck with TLS transport, I have 2 phones (both in local network for tests) one connected with up second with tls when I calling TLS to UPD everything is fine, but when UDP calls TLS I getting an error ERROR[44230]: pjsip:0 ?: tlsc0x7f143012 TLS connect() error: Connection refused

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

This seems to me to be getting down to some sort of problem with configuring the Snom-870. when I register the device 41712 (set up for transport=tls only) then I see this in the SIP trace: Sent to udp:192.168.6.9:5060 at 4/3/2015 09:07:36:813 (836 bytes): REGISTER

[asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

JBB == James B Byrne byrn...@harte-lyne.ca writes: JBB tcpenable=yes JBB tlsenable=yes JBB tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB tlsdontverifyserver=yes JBB tlscipher=ALL JBB tlsclientmethod=tlsv1 You are missing the

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

These are the sip settings on our installion. Global Settings: UDP Bindaddress:0.0.0.0:5060 TCP SIP Bindaddress:0.0.0.0:5060 TLS SIP Bindaddress:(null) Videosupport: No Textsupport:No Ignore SDP sess. ver.: No AutoCreate Peer:

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

Am 03.03.2015 um 18:16 schrieb James B. Byrne: CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

On Tue, March 3, 2015 13:19, jg wrote: Forget about the reverse DNS stuff for the moment. Do simple SIP accounts (without SRTP/SRTP and deny/permit stuff) work? Enable SRTP, but you likely need the AES-80 fro SRTP Auth-tag. Then try the rest. jg The Snom870s and our Asterisk FreePBX

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

Other things to consider: The transport config, which can be in [general] or in a peer's [] block. if you want tls-only, use transport=tls it also accepts tcp, udp or a comma-separated list. if given a list, it tries them in order If you need ast to register over tls, use something

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

I reconfigured sip.conf to have these settings: tcpenable=yes tlsenable=yes tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.pem tlscafile=/etc/pki/tls/certs/ca-bundle.crt tlsdontverifyserver=yes tlscipher=ALL tlsclientmethod=tlsv1

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

On Tue, March 3, 2015 16:34, James Cloos wrote: Other things to consider: The transport config, which can be in [general] or in a peer's [] block. if you want tls-only, use transport=tls it also accepts tcp, udp or a comma-separated list. if given a list, it tries them in order

Re: [asterisk-users] TLS, SRTP, Asterisk11 and Snom870s

On Tue, March 3, 2015 13:37, James Cloos wrote: JBB == James B Byrne byrn...@harte-lyne.ca writes: JBB tcpenable=yes JBB tlsenable=yes JBB tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB tlsdontverifyserver=yes JBB

[asterisk-users] TLS on SIP trunk

Has anyone tried to create a SIP trunk between Asterisk and a CUCM? If so has anyone enabled tls on the trunk? Would the tlscafile field in the Asterisk sip.conf be used to refer to the pem file provided by the CUCM? Is the purpose of tlscafile to refer to the other call manager's pem file? Or

[asterisk-users] TLS/TCP behind NAT; Signaling issues with offnet phones

Issue is what subject says. Here is the background. Version: 11.11.0 Topology: Asterisk Box at our Data Center behind Cisco Firewall. Everything works fine from remote offices over a VPN. Issue is sales team would like to connect up to our Asterisk box remotely (offnet). Common enough

Re: [asterisk-users] TLS/TCP behind NAT; Signaling issues with offnet phones

Just found the solution in case someone down the line stumbles across this. externaddr only works with localnet defined in sip.conf. Again, was simply misled due to UDP working but TCP not working. This also resolved the issue with TLS which makes sense. On Thu, Jul 24, 2014 at 5:12 PM, D.H.

[asterisk-users] TLS, STRP and ARA

Hi I'm just about to upgrade to version 1.8.29.0 and have compiled with SRTP. However, we exclusively use the asterisk realtime architecture using the mysql connector. Looking at tutorials we have to set encryption=yes and transport=tls for any peer we want encrypted traffic for. Having a look

Re: [asterisk-users] TLS, STRP and ARA

I have just answered my own questions and it's all fine. transport will accept a value of tls and interpret it (you'll have to alter the column definition if you're using an enum). encryption column can be added and interpreted, here's the column defintion I used. alter table sip add column

Re: [asterisk-users] TLS

Le 06/02/2013 23:15, kepin sinatra a écrit : Hi, I tried it the implementation of TLS in asterisk 1.8.4.3 on ubuntu 10.04. I follow the tutorial: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial. and I use blink as a softphone in ny client in windows. for regular

Re: [asterisk-users] TLS

when i start sip reload, doesn't appear about SSL certificate ok, i install asterisk with : ./configure --enable-xmldoc make menuselect make make install make samples make config ok, maybe i try using tshark later... yes, i'm sure blink is configured for TLS. and i've installed the certificate

[asterisk-users] TLS

Hi, I tried it the implementation of TLS in asterisk 1.8.4.3 on ubuntu 10.04. I follow the tutorial: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial. and I use blink as a softphone in ny client in windows. for regular communication process (without TLS) smoothly, but when it

[asterisk-users] TLS/SRTP support in Cisco SPA112 and SPA122

Hi all, It seems that the latest ATAs from Cisco/Linksys support SRTP. Did anybody give these features a go with asterisk? Regards Rajil -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to

Re: [asterisk-users] TLS/SRTP - Cisco SPA-301

Le 20/09/2012 06:22, Fábio Lira a écrit : Hello all, I bought a Cisco model of SPA-301, I saw that in the specifications it supports SRTP for secure connections, but I'm not finding how to create a certificate and where and how should I configure my Asterisk 1.8. I already use other ip

[asterisk-users] TLS/SRTP - Cisco SPA-301

Hello all, I bought a Cisco model of SPA-301, I saw that in the specifications it supports SRTP for secure connections, but I'm not finding how to create a certificate and where and how should I configure my Asterisk 1.8. I already use other ip phones and these are the other Yealink T32G and

[asterisk-users] tls is up but no audio

Hi All, I'm headbanging on this from a couple of days, begging here for some help :) I'm configuring tls on asterisk for the first time to experiment with an open (public) service idea about having asterisk accepting any sip user (with the sip.conf option 'autocreatepeer=yes') and call each

[asterisk-users] TLS problems - patch in Jira

I've just come across this issue: https://issues.asterisk.org/jira/browse/ASTERISK-17727 I am strongly in support of TLS and I believe this issue will be a stumbling block for more and more users - because more and more CAs are using the intermediate certificate chains For example, the free

[asterisk-users] TLS bug in asterisk?

Hi folks. I've got a problem dialing with my new Snom M9 via TLS on asterisk 1.8.7.1 . Registration works like a charm - the phone becomes 'AVAILABLE'. An INVITE is responded by a 401 to be expected, but then asterisk closes the TLS connection upon the Snom's ACK. The authenticated INVITE the

Re: [asterisk-users] TLS Error on 1.6 and 1.8

: Thursday, August 11, 2011 1:55 PM Subject: [asterisk-users] TLS Error on 1.6 and 1.8 Trying to setup UM with Office 365 which requires TLS. I've tried under 1.8.5.0 and under 1.6.2.16.1 and I get the same error: [Aug 11 06:50:20] VERBOSE[3023] tcptls.c: SSL certificate ok [Aug 11 06:50:20

[asterisk-users] TLS Error on 1.6 and 1.8

Trying to setup UM with Office 365 which requires TLS. I've tried under 1.8.5.0 and under 1.6.2.16.1 and I get the same error: [Aug 11 06:50:20] VERBOSE[3023] tcptls.c: SSL certificate ok [Aug 11 06:50:20] VERBOSE[3023] tcptls.c:   == Problem setting up ssl connection:

Re: [asterisk-users] tls/srtp: sip_xmit error: returned -2

I'm still no further advanced on this, but I think I have narrowed it down to tls. I have sip debug logs which shows that the server cannot contact the tls enabled phone at the same time this error crops up. The log says calling user and then the error. With TLS disabled, though, SRTP still

Re: [asterisk-users] TLS/SRTP calls go to circuit busy.

From: Terry Wilson twil...@digium.com Subject: Re: [asterisk-users] TLS/SRTP calls go to circuit busy. To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Message-ID: 4d708805.3060...@digium.com Content-Type: text/plain; charset=ISO-8859-1; format

Re: [asterisk-users] TLS/SRTP calls go to circuit busy.

Supported: replaces, timer Content-Length: 0 Message: 8 Date: Tue, 1 Mar 2011 10:04:14 -0600 From: Terry Wilson twil...@digium.com Subject: Re: [asterisk-users] TLS/SRTP calls go to circuit busy. To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users

Re: [asterisk-users] TLS/SRTP calls go to circuit busy.

On 03/03/2011 02:22 PM, Mitch Johnson wrote: Thanks so much for pointing this out. I was curious why the commands in the documentation differed to the commands I was using. That problem is fixed, but now I have a new issue. I can call with no issues, however, as soon as I answer one of the

Re: [asterisk-users] TLS/SRTP calls go to circuit busy.

On Feb 28, 2011, at 7:19 PM, mitch Johnson wrote: I'm in the process of testing a TLS/SRTP install. My experience is improving with each new challenge, but this one is a great test of my 2 month experience with Asterisk. [myphones] ;exten = 6001,1,Dial(SIP/6001) ;exten =

[asterisk-users] TLS/SRTP calls go to circuit busy.

I'm in the process of testing a TLS/SRTP install. My experience is improving with each new challenge, but this one is a great test of my 2 month experience with Asterisk. When I dial 6003 from 6001, it takes 35 seconds until I get the error message that 6003 is circuit-busy. Any help would

[asterisk-users] TLS re-negotiation attack on SIP/TLS of Asterisk?

Hi all, i read about the TLS-RENEGOTIATION vulnerability: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf Does the Asterisk

Re: [asterisk-users] TLS Manager

Thank you although that seems a bit strange. Does one simply concatenate them together or is it really looking for a PKCS#12 file? Thanks - John On Sun, 2009-07-26 at 10:03 -0700, Eric Chamberlain wrote: The pem file should contain both the private key and the certificate. On Jul 24, 2009,

Re: [asterisk-users] TLS Manager

After some testing and false starts, it looks like PKCS#12 does not work but simple concatenation does. Thanks - John On Mon, 2009-07-27 at 06:38 -0400, John A. Sullivan III wrote: Thank you although that seems a bit strange. Does one simply concatenate them together or is it really looking

Re: [asterisk-users] TLS Manager

The pem file should contain both the private key and the certificate. On Jul 24, 2009, at 4:08 PM, John A. Sullivan III wrote: Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager.

Re: [asterisk-users] TLS Manager

On 25/07/09 00:08, John A. Sullivan III wrote: Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the

[asterisk-users] TLS Manager

Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file:

[asterisk-users] TLS support

Hello, Does anybody know whether Asterisk 1.4 supports TLS? Or may be any work patches or branches? Thanks in advance -- Best Regards Alexander Olekhnovich ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To

[Asterisk-Users] TLS from a Sponsored Google Summer of Coding?

I happened on to a website from Google that says there was a Digium/Google sponsored project to add certificates and TLS and TCP (as opposed to just UDP) to Asterisk. Does anyone know anything about this as it indicates that it works in the current asterisk (since like August of 2005). The

Re: [Asterisk-Users] TLS from a Sponsored Google Summer of Coding?

Dave Wise wrote: I happened on to a website from Google that says there was a Digium/Google sponsored project to add certificates and TLS and TCP (as opposed to just UDP) to Asterisk. Does anyone know anything about this as it indicates that it works in the current asterisk (since like August