Hi,

The certificate is okay on Kamailio side (it's a valid one) and the remote side is also mine (self generated ca).
For testing I found that setup better :) and remote side uses tlsv1 in freeswitch.

Tested both SIP servers with a sipclient, works. Tcpdump on both ends shows me that traffic is sent / received due to the OPTION pings.

And the debug stuff doesn't show me the right hint at this moment.

Shaheryarkh <[email protected]> wrote on Mon, 17 June 2019, 22:02:

> Many things can go wrong with tls setup, for example,
>
> 1. TLS server is listening on a different port than you are trying to
> connect to. Seems you are trying to connect to the default sip port for tls
> connection to destination whereas it is usually 5061 port used for sip tls.
>
> 2. Your kamailio and remote sbc do not agree on TLS protocol. Check if
> remote accepts TLSv1.0 connections and do not force old / obsolete SSLv23.
>
> 3. Remote only allows verifiable certificates but you seem to be using
> self-signed certificates.
>
> If all of this does not work then run kamailio with debug logging enabled
> and see what errors kamailio prints out about connection. You can post
> those error logs here for further discussion.
>
> Hope this helps.
>
> Thank you.
>
>
> On Jun 17, 2019 at 7:10 PM, <Karsten Horsmann <[email protected]>>
> wrote:
>
> Hi all,
>
> I try to configure an SBC OS config [1] based kamailio 5.2.3 [2] with
> dispatcher and rtpengine.
> I used transport=tcp to see the plain traffic and then switched to TLS
> (with tls.cfg, valid certificate and stuff).
>
> After starting up, the Target is marked as "down".
> Due to the encryption it's hard to debug that.
> Any hints? Did I make a mistake in the configuration?
>
> TLS calls from the target to my kamailio proxy work. So it's "half broken"
> :) at the moment.
>
> [1]
> https://github.com/voiceboys/sbcOS/blob/master/SbcOS/configs/voice/kamailio/kamailio.cfg
>
> [2]
> kamailio -v
> version: kamailio 5.2.3 (x86_64/linux) c36229
> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
> Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
> FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
> USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024,
> BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: c36229
> compiled on 11:28:11 May 22 2019 with gcc 4.8.5
>
>
> -- %< --------------------- kamctl dispatcher dump
> "SET": {
>   "ID": 1004,
>   "TARGETS": [{
>     "DEST": {
>       "URI": "sip:sip101.example.de;transport=tls",
>       "FLAGS": "TP",
>       "PRIORITY": 0,
>       "ATTRS": {
>         "BODY":
> "access=212.xx.xx.xx:5061;socket=tls:212.xx.xx.xx:5061;weight=100;ping_from=sip:
> mykamailio.example.de",
>         "DUID": "",
>         "MAXLOAD": 0,
>         "WEIGHT": 100,
>         "RWEIGHT": 0,
>         "SOCKET": "tls:212.xx.xx.xx:5061"
>       },
>       "LATENCY": {
>         "AVG": 30000,
>         "STD": 0,
>         "EST": 30000,
>         "MAX": 30000,
>         "TIMEOUT": 1
>       }
>     }
>   }]
> }
> },
> -- %< --------------------- kamctl dispatcher dump
>
> WARNING: <script>: Destination down: OPTIONS
> ru=sip101.example.de;transport=tls
> du=<null>
>
>
> -- %< --------------------- tls.cfg
> [server:default]
> method = TLSv1
> verify_certificate = no
> require_certificate = no
> private_key = /etc/pki/tls/private/mykamailio.example.de.pem
> certificate = /etc/pki/tls/private/mykamailio.example.de.pem
> server_name = mykamailio.example.de
>
> [server:212.xx.xx.xx:5061]
> method = TLSv1+
> verify_certificate = no
> require_certificate = no
>
> private_key = /etc/pki/tls/private/mykamailio.example.de.pem
> certificate = /etc/pki/tls/private/mykamailio.example.de.pem
> server_name = mykamailio.example.de
>
> # This is the default client domain, settings
> # in this domain will be used for all outgoing
> # TLS connections that do not match any other
> # client domain in this configuration file.
> # We require that servers present valid certificate.
> #
>
> [client: 212.xx.xx.xx:5061]
> method = TLSv1+
> verify_certificate = no
> require_certificate = no
>
> private_key = /etc/pki/tls/private/mykamailio.example.de.pem
> certificate = /etc/pki/tls/private/mykamailio.example.de.pem
> server_name = mykamailio.example.de
>
> [client:default]
> verify_certificate = no
> require_certificate = no
>
> -- %< --------------------- tls.cfg
>
> Cheers Karsten
>
> --
> Kind regards
> *Karsten Horsmann*
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
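
Added example, not part of the original thread or of the Kamailio project: a small checker that parses the tls.cfg domains quoted above and lists, per domain, which TLS method is configured and whether peer certificate verification is switched off, the two settings behind points 2 and 3 of the reply. The sample is a constructed, abridged copy of the quoted config; the function names and the set of methods treated as legacy are assumptions of this example.

```python
import re

# Constructed sample: the tls.cfg quoted in the thread, key/cert lines omitted.
SAMPLE_TLS_CFG = """\
[server:default]
method = TLSv1
verify_certificate = no
[server:212.xx.xx.xx:5061]
method = TLSv1+
verify_certificate = no
[client: 212.xx.xx.xx:5061]
method = TLSv1+
verify_certificate = no
[client:default]
verify_certificate = no
"""

SECTION = re.compile(r"^\[\s*(server|client)\s*:\s*(.+?)\s*\]$")
# Assumption of this example: any method that can negotiate below TLS 1.2.
LEGACY = {"SSLv2", "SSLv3", "SSLv23", "TLSv1", "TLSv1+", "TLSv1.1", "TLSv1.1+"}

def parse_domains(text):
    """Return {(role, address): {option: value}} for each [role:address] block."""
    domains, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        m = SECTION.match(line)
        if m:
            current = domains.setdefault((m.group(1), m.group(2)), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return domains

def audit(domains):
    """Flag explicit settings that allow TLS < 1.2 or skip peer verification."""
    findings = []
    for (role, addr), opts in domains.items():
        method = opts.get("method")
        if method in LEGACY:
            findings.append((role, addr, f"method={method} allows TLS below 1.2"))
        if opts.get("verify_certificate", "").lower() == "no":
            findings.append((role, addr, "peer certificate is not verified"))
    return findings

if __name__ == "__main__":
    for role, addr, msg in audit(parse_domains(SAMPLE_TLS_CFG)):
        print(f"[{role}:{addr}] {msg}")
```
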
