On 09.04.23 at 19:55 Steve Matzura wrote:
Thanks, Michael. A few questions:
Is [transport_name] a reserved word, or am I supposed to replace it with a name of
my own, like '[did-transport]'?
Yes. You are free.
Some of the keywords I haven't seen before. Is ca_list_file supposed to be an
Thanks, Michael. A few questions:
Is [transport_name] a reserved word, or am I supposed to replace it with
a name of my own, like '[did-transport]'?
Some of the keywords I haven't seen before. Is ca_list_file supposed to
be an aggregate of the public and private key? And what are the
Hello Steve,
use the following configuration for the transport and bind this
transport to the trunk:
[transport_name]
type=transport
protocol=tls
bind=192.168.13.24 ; your bind IP
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
; method=tlsv1_2
verify_server=yes
allow_reload=no
;tos=0xb8
;cos=3
I want to configure communication with my phone provider using TLS for
all the obvious reasons. Since I'm behind a firewall, I'll be needing to
do it with NAT. There are examples of UDP plus NAT in pjsip.conf, but
none for TLS plus NAT. Would it be correct to set up the TLS transport
stanza to
Hello,
Le lun. 6 janv. 2020 à 19:01, Olivier a écrit :
> May I add I could successfully (if pjsip show transports has any meaning)
> add a PJSIP TLS-transport with:
>
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0:5061
> cert_file=/etc/asterisk/keys/asterisk.crt
>
On Monday 06 January 2020 at 19:01:09, Olivier wrote:
> May I add I could successfully (if pjsip show transports has any meaning)
> add a PJSIP TLS-transport with:
>
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0:5061
> cert_file=/etc/asterisk/keys/asterisk.crt
>
May I add I could successfully (if pjsip show transports has any meaning)
add a PJSIP TLS-transport with:
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1
Le lun. 6 janv. 2020 à
On Monday 06 January 2020 at 18:33:39, Olivier wrote:
> Hello,
>
> On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a
> way to enable HTTPS.
> # cat /etc/asterisk/http.conf
> [general]
> servername=Asterisk
> enabled=yes
> bindaddr=0.0.0.0
> bindport=8088
> tlsenable=yes
>
Hello,
On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a
way to enable HTTPS.
Asterisk is running as asterisk:asterisk:
asterisk 11097 0.3 6.7 741352 67984 ?Ssl 17:53 0:06
/usr/sbin/asterisk -g -f -p -U asterisk
# cat /etc/asterisk/http.conf
[general]
On Wed, Jan 4, 2017, at 10:29 AM, Patrick Laimbock wrote:
>
> Thank you for your feedback Joshua. Does "right now" mean that this will
> be fixed in the (near) future? Should I file a Jira ticket?
There is no issue that I can remember that is tracking this and I am
aware of noone working on it.
On 03-01-17 19:06, Joshua Colp wrote:
On Fri, Dec 30, 2016, at 05:04 AM, Kevin Long wrote:
Hello,
I am using asterisk 14.2 and PJSIP, with TLS transport.
I’m sure I’m doing something wrong here ..
In 2 distinct softphone clients (Bria and Groundwire), I am able to
register successfully,
On Fri, Dec 30, 2016, at 05:04 AM, Kevin Long wrote:
>
>
> Hello,
>
> I am using asterisk 14.2 and PJSIP, with TLS transport.
>
> I’m sure I’m doing something wrong here ..
>
>
> In 2 distinct softphone clients (Bria and Groundwire), I am able to
> register successfully, and place a SIP
Hello,
I am using asterisk 14.2 and PJSIP, with TLS transport.
I’m sure I’m doing something wrong here ..
In 2 distinct softphone clients (Bria and Groundwire), I am able to register
successfully, and place a SIP call, with no certificate warnings. But shortly
after I place that first
On Fri, Aug 26, 2016 at 12:36:05PM +0200, hw wrote:
> Jonathan H schrieb:
> >Well, what immediately stands out is:
> >"FILE * open failed!"
>
> Yes, and it doesn´t say which file cannot be opened. I even looked at
> the source and found that at that point, you can´t simply add some
> debugging
Sorry, things got a bit behind. I was about to settle down and type
something up, when I notice you mention SIP.
Sorry, I've not used that - I'm only familiar with the current pjsip
implementation on 13.10.
Which looks like this:
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
Jonathan H schrieb:
Well, what immediately stands out is:
"FILE * open failed!"
Yes, and it doesn´t say which file cannot be opened. I even looked at
the source and found that at that point, you can´t simply add some
debugging output to find out.
Have you triple checked that the full
Well, what immediately stands out is:
"FILE * open failed!"
Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?
I have it working with microsip and a free TLS cert from LetsEncrypt.
hw schrieb:
Hi,
I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is
[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE *
open failed!
== Problem setting up ssl connection: error::lib(0):func(0):reason(0)
Hi,
I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is
[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE *
open failed!
== Problem setting up ssl connection: error::lib(0):func(0):reason(0)
[Aug 23
I did using acrobits groundwire on asterisk 13.7.2
Had to add a statement in pjsip.endpointxxx
I do not have it in mind but can look it up for you tomorrow.
Sent from my iPhone
> On Jul 8, 2015, at 9:05 PM, ricky gutierrez wrote:
>
> Hi list , I'm doing some tests with
On Wed, 2015-07-08 at 15:09 -0400, Ryan, Travis wrote:
> Asterisk13 can do native tls with each phone? Nice.
Some soft phone support TLS,
but does anybody knows a soft phone that support pkcs11?
(keys & certs stored on a smart-card)
Hans
--
2015-07-08 13:11 GMT-06:00 Joshua Colp jc...@digium.com:
You probably want to add rewrite_contact=yes to your endpoint. This will
cause it to reuse the existing connection established from the phone.
Generally the port provided by the phone is not reachable.
Hi Joshua , I add the option you
2015-07-08 13:09 GMT-06:00 Ryan, Travis ry...@oscarwinski.com:
Asterisk13 can do native tls with each phone? Nice.
any example?
rickygm
http://gnuforever.homelinux.com
--
_
-- Bandwidth and Colocation Provided by
ricky gutierrez wrote:
Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed
to make it work, all my terminals spa Cisco 5XX
look my cli
[Jul 8 11:09:16] ERROR[14733]: pjsip:0?:tlsc0x7f539801 TLS
connect() error: Connection refused [code=120111]
[Jul 8 11:09:16]
Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed
to make it work, all my terminals spa Cisco 5XX
look my cli
[Jul 8 11:09:16] ERROR[14733]: pjsip:0 ?:tlsc0x7f539801 TLS
connect() error: Connection refused [code=120111]
[Jul 8 11:09:16] WARNING[14733]: pjsip:0 ?:
Discussion
Subject: [asterisk-users] tls on asterisk 13
Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed
to make it work, all my terminals spa Cisco 5XX
look my cli
[Jul 8 11:09:16] ERROR[14733]: pjsip:0 ?:tlsc0x7f539801 TLS
connect() error: Connection refused [code=120111
hi,
is there some tutorials on the you tube how to setup tls for asterisk and how
to get ip phones register like thatwhat ip phones can support tls any
way?Alex
--
_
-- Bandwidth and Colocation Provided by
Kindly guide with debugging TLS issue in asterisk 11.16. Compiled from
source and works all ok !
Added the below to sip.conf
tlsenable=yes
tlsbindaddr=0.0.0.0:5061
However asterisk doesn't even listen to port 5061
sudo netstat -anp
Kindly guide
Thanks
Best,
Chirag A.
--
Stuck with TLS transport,
I have 2 phones (both in local network for tests)
one connected with up second with tls
when I calling TLS to UPD everything is fine, but when UDP calls TLS I getting
an error
ERROR[44230]: pjsip:0 ?: tlsc0x7f143012 TLS connect() error: Connection
refused
This seems to me to be getting down to some sort of problem with
configuring the Snom-870.
when I register the device 41712 (set up for transport=tls only) then
I see this in the SIP trace:
Sent to udp:192.168.6.9:5060 at 4/3/2015 09:07:36:813 (836 bytes):
REGISTER
CentOS-6.5 (FreePBX-2.6)
Asterisk-11.14.2 (FreePBX)
snom870-SIP 8.7.3.25.5
I am having a very difficult time attempting to get TLS and SRTP
working with Asterisk and anything else. At the moment I am trying to
get TLS functioning with our Snom870 desk-sets. And I am not having
much luck.
Since
JBB == James B Byrne byrn...@harte-lyne.ca writes:
JBB tcpenable=yes
JBB tlsenable=yes
JBB tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
JBB tlscafile=/etc/pki/tls/certs/ca-bundle.crt
JBB tlsdontverifyserver=yes
JBB tlscipher=ALL
JBB tlsclientmethod=tlsv1
You are missing the
These are the sip settings on our installion.
Global Settings:
UDP Bindaddress:0.0.0.0:5060
TCP SIP Bindaddress:0.0.0.0:5060
TLS SIP Bindaddress:(null)
Videosupport: No
Textsupport:No
Ignore SDP sess. ver.: No
AutoCreate Peer:
Am 03.03.2015 um 18:16 schrieb James B. Byrne:
CentOS-6.5 (FreePBX-2.6)
Asterisk-11.14.2 (FreePBX)
snom870-SIP 8.7.3.25.5
I am having a very difficult time attempting to get TLS and SRTP
working with Asterisk and anything else. At the moment I am trying to
get TLS functioning with our Snom870
On Tue, March 3, 2015 13:19, jg wrote:
Forget about the reverse DNS stuff for the moment.
Do simple SIP accounts (without SRTP/SRTP and deny/permit stuff) work?
Enable SRTP, but you likely need the AES-80 fro SRTP Auth-tag.
Then try the rest.
jg
The Snom870s and our Asterisk FreePBX
Other things to consider:
The transport config, which can be in [general] or in a peer's [] block.
if you want tls-only, use transport=tls
it also accepts tcp, udp or a comma-separated list.
if given a list, it tries them in order
If you need ast to register over tls, use something
I reconfigured sip.conf to have these settings:
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.pem
tlscafile=/etc/pki/tls/certs/ca-bundle.crt
tlsdontverifyserver=yes
tlscipher=ALL
tlsclientmethod=tlsv1
On Tue, March 3, 2015 16:34, James Cloos wrote:
Other things to consider:
The transport config, which can be in [general] or in a peer's []
block.
if you want tls-only, use transport=tls
it also accepts tcp, udp or a comma-separated list.
if given a list, it tries them in order
On Tue, March 3, 2015 13:37, James Cloos wrote:
JBB == James B Byrne byrn...@harte-lyne.ca writes:
JBB tcpenable=yes
JBB tlsenable=yes
JBB tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
JBB tlscafile=/etc/pki/tls/certs/ca-bundle.crt
JBB tlsdontverifyserver=yes
JBB
Has anyone tried to create a SIP trunk between Asterisk and a CUCM? If so has
anyone enabled tls on the trunk? Would the tlscafile field in the Asterisk
sip.conf be used to refer to the pem file provided by the CUCM? Is the purpose
of tlscafile to refer to the other call manager's pem file? Or
Issue is what subject says. Here is the background.
Version: 11.11.0
Topology: Asterisk Box at our Data Center behind Cisco Firewall.
Everything works fine from remote offices over a VPN. Issue is sales team
would like to connect up to our Asterisk box remotely (offnet). Common
enough
Just found the solution in case someone down the line stumbles across this.
externaddr only works with localnet defined in sip.conf.
Again, was simply misled due to UDP working but TCP not working.
This also resolved the issue with TLS which makes sense.
On Thu, Jul 24, 2014 at 5:12 PM, D.H.
Hi
I'm just about to upgrade to version 1.8.29.0 and have compiled with SRTP.
However, we exclusively use the asterisk realtime architecture using the
mysql connector.
Looking at tutorials we have to set encryption=yes and transport=tls for
any peer we want encrypted traffic for.
Having a look
I have just answered my own questions and it's all fine.
transport will accept a value of tls and interpret it (you'll have to alter
the column definition if you're using an enum).
encryption column can be added and interpreted, here's the column defintion
I used.
alter table sip add column
Le 06/02/2013 23:15, kepin sinatra a écrit :
Hi, I tried it the implementation of TLS in asterisk 1.8.4.3 on ubuntu
10.04. I follow the tutorial:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial.
and I use blink as a softphone in ny client in windows. for regular
when i start sip reload, doesn't appear about SSL certificate ok, i
install asterisk with :
./configure --enable-xmldoc
make menuselect
make make install
make samples
make config
ok, maybe i try using tshark later...
yes, i'm sure blink is configured for TLS. and i've installed the
certificate
Hi, I tried it the implementation of TLS in asterisk 1.8.4.3 on ubuntu
10.04. I follow the tutorial:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial. and I
use blink as a softphone in ny client in windows. for regular communication
process (without TLS) smoothly, but when it
Hi all,
It seems that the latest ATAs from Cisco/Linksys support SRTP. Did
anybody give these features a go with asterisk?
Regards
Rajil
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to
Le 20/09/2012 06:22, Fábio Lira a écrit :
Hello all,
I bought a Cisco model of SPA-301, I saw that in the specifications it supports
SRTP for secure connections, but I'm not finding how to create a certificate
and where and how should I configure my Asterisk 1.8. I already use other ip
Hello all,
I bought a Cisco model of SPA-301, I saw that in the specifications it supports
SRTP for secure connections, but I'm not finding how to create a certificate
and where and how should I configure my Asterisk 1.8. I already use other ip
phones and these are the other Yealink T32G and
Hi All,
I'm headbanging on this from a couple of days, begging here for some help :)
I'm configuring tls on asterisk for the first time
to experiment with an open (public) service idea
about having asterisk accepting any sip user (with the sip.conf option
'autocreatepeer=yes')
and call each
I've just come across this issue:
https://issues.asterisk.org/jira/browse/ASTERISK-17727
I am strongly in support of TLS and I believe this issue will be a
stumbling block for more and more users - because more and more CAs are
using the intermediate certificate chains
For example, the free
Hi folks.
I've got a problem dialing with my new Snom M9 via TLS on asterisk 1.8.7.1 .
Registration works like a charm - the phone becomes 'AVAILABLE'.
An INVITE is responded by a 401 to be expected, but then asterisk closes the
TLS connection upon the Snom's ACK.
The authenticated INVITE the
: Thursday, August 11, 2011 1:55 PM
Subject: [asterisk-users] TLS Error on 1.6 and 1.8
Trying to setup UM with Office 365 which requires TLS. I've tried under 1.8.5.0
and under 1.6.2.16.1 and I get the same error:
[Aug 11 06:50:20] VERBOSE[3023] tcptls.c: SSL certificate ok
[Aug 11 06:50:20
Trying to setup UM with Office 365 which requires TLS. I've tried under 1.8.5.0
and under 1.6.2.16.1 and I get the same error:
[Aug 11 06:50:20] VERBOSE[3023] tcptls.c: SSL certificate ok
[Aug 11 06:50:20] VERBOSE[3023] tcptls.c: == Problem setting up ssl
connection:
I'm still no further advanced on this, but I think I have narrowed it
down to tls. I have sip debug logs which shows that the server cannot
contact the tls enabled phone at the same time this error crops up. The
log says calling user and then the error.
With TLS disabled, though, SRTP still
From: Terry Wilson twil...@digium.com
Subject: Re: [asterisk-users] TLS/SRTP calls go to circuit busy.
To: Asterisk Users Mailing List - Non-Commercial Discussion
asterisk-users@lists.digium.com
Message-ID: 4d708805.3060...@digium.com
Content-Type: text/plain; charset=ISO-8859-1; format
Supported: replaces, timer
Content-Length: 0
Message: 8
Date: Tue, 1 Mar 2011 10:04:14 -0600
From: Terry Wilson twil...@digium.com
Subject: Re: [asterisk-users] TLS/SRTP calls go to circuit busy.
To: Asterisk Users Mailing List - Non-Commercial Discussion
asterisk-users
On 03/03/2011 02:22 PM, Mitch Johnson wrote:
Thanks so much for pointing this out. I was curious why the commands in the
documentation differed to the commands I was using.
That problem is fixed, but now I have a new issue. I can call with no issues,
however, as soon as I answer one of the
On Feb 28, 2011, at 7:19 PM, mitch Johnson wrote:
I'm in the process of testing a TLS/SRTP install. My experience is improving
with each new challenge, but this one is a great test of my 2 month
experience with Asterisk.
[myphones]
;exten = 6001,1,Dial(SIP/6001)
;exten =
I'm in the process of testing a TLS/SRTP install. My experience is
improving with each new challenge, but this one is a great test of my 2
month experience with Asterisk.
When I dial 6003 from 6001, it takes 35 seconds until I get the error
message that 6003 is circuit-busy.
Any help would
Hi all,
i read about the TLS-RENEGOTIATION vulnerability:
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html
www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf
Does the Asterisk
Thank you although that seems a bit strange. Does one simply
concatenate them together or is it really looking for a PKCS#12 file?
Thanks - John
On Sun, 2009-07-26 at 10:03 -0700, Eric Chamberlain wrote:
The pem file should contain both the private key and the certificate.
On Jul 24, 2009,
After some testing and false starts, it looks like PKCS#12 does not work
but simple concatenation does. Thanks - John
On Mon, 2009-07-27 at 06:38 -0400, John A. Sullivan III wrote:
Thank you although that seems a bit strange. Does one simply
concatenate them together or is it really looking
The pem file should contain both the private key and the certificate.
On Jul 24, 2009, at 4:08 PM, John A. Sullivan III wrote:
Hello, all. After many pages of googling and testing in the lab, I'm
still a bit perplexed about how to implement tls protection for the
asterisk manager.
On 25/07/09 00:08, John A. Sullivan III wrote:
Hello, all. After many pages of googling and testing in the lab, I'm
still a bit perplexed about how to implement tls protection for the
asterisk manager. manager.conf allows one to specify the cert file but
one normally must also specify the
Hello, all. After many pages of googling and testing in the lab, I'm
still a bit perplexed about how to implement tls protection for the
asterisk manager. manager.conf allows one to specify the cert file but
one normally must also specify the private key file. If I simply enter
the cert file:
Hello,
Does anybody know whether Asterisk 1.4 supports TLS? Or may be any work
patches or branches?
Thanks in advance
--
Best Regards
Alexander Olekhnovich
___
--Bandwidth and Colocation provided by Easynews.com --
asterisk-users mailing list
To
I happened on to a website from Google that says there was a
Digium/Google sponsored project to add certificates and TLS and TCP (as
opposed to just UDP) to Asterisk. Does anyone know anything about this
as it indicates that it works in the current asterisk (since like August
of 2005).
The
Dave Wise wrote:
I happened on to a website from Google that says there was a
Digium/Google sponsored project to add certificates and TLS and TCP (as
opposed to just UDP) to Asterisk. Does anyone know anything about this
as it indicates that it works in the current asterisk (since like August
70 matches
Mail list logo