Hi everyone, Thank you all for your kind help with the TLS configuration. Palany's suggestion worked flawlessly, and now both inbound and outbound calls are functioning.
However, I'm facing a one-way audio issue, and calls are disconnected after 30 seconds. I suspect this might be related to NAT. Here’s the current setup: *Asterisk <===> Kamailio (as SBC) <=====> MS Teams* Could this be related to my NAT configuration, or is there something else I should investigate? Any guidance would be greatly appreciated. Thanks again for your support! On Thu, Aug 15, 2024 at 11:02 PM palany <[email protected]> wrote: > > > Hi Muhammad > > > > Can you try your tls cfg as below and make sure your certificates have the > right permissions. > > > > [server:default] > > method = TLSv1.2+ > > verify_certificate = no > > require_certificate = no > > private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem > > certificate = /etc/letsencypt/live/MYDOMAIN/fullchain.pem > > > > [client:default] > > method = TLSv1.2+ > > verify_certificate = no > > require_certificate = no > > private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem > > certificate = /etc/letsencrypt/live/MYDOMAIN/fullchain.pem > > *From:* Muhammad Sohaib via sr-users [mailto:[email protected]] > *Sent:* Thursday, 15 August 2024 3:46 PM > *To:* Kamailio (SER) - Users Mailing List > *Cc:* Muhammad Sohaib > *Subject:* [SR-Users] certificate verify failed (sni: unknown) > integration with ms teams > > > > Dear all, > > > > Trying to integrate Kamailio with MS Teams by following > https://skalatan.de/en/blog/kamailio-sbc-teams > > > > kamcmd dispatcher.list | egrep "URI|FLAGS" > > > URI: sip:sip.pstnhub.microsoft.com > ;transport=tls > FLAGS: IP > URI: sip: > sip2.pstnhub.microsoft.com;transport=tls > FLAGS: IP > URI: sip: > sip3.pstnhub.microsoft.com;transport=tls > FLAGS: IP > > > > Kamailio Logs: > > /usr/local/sbin/kamailio[412158]: INFO: <script>: Sent out tm request: > OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012 > Via: SIP/2.0/TLS > x.x.x.x:5061;branch=z9hG4bK5dad.92de50b2000000000000000000000000.0#015#012 > To: <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012 > From: <sip:test.mytest.com > >;tag=5d0939b82abe9b1bbf185d963b6e6c88-edeb3c71#015#012 > CSeq: 10 OPTIONS#015#012 > Call-ID: [email protected]#015#012 > <http://[email protected]#015%23012> > Max-Forwards: 70#015#012Content-Length: 0#015#012 > User-Agent: kamailio (5.8.2 (x86_64/linux)) > > /usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1312]: > tls_h_read_f(): protocol level error > /usr/local/sbin/kamailio[412165]: ERROR: tls [tls_util.h:49]: > tls_err_ret(): TLS write:error:0A000086:SSL routines::certificate verify > failed (sni: unknown) > /usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1316]: > tls_h_read_f(): src addr: 52.114.75.24:5061 > /usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1319]: > tls_h_read_f(): dst addr: x.x.x.x:0 > /usr/local/sbin/kamailio[412165]: ERROR: <core> [core/tcp_read.c:1524]: > tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fa74d265d40 r: > 0x7fa74d265e68 (-1) > > > tls.cfg: > > [server:default] > method = TLSv1.2+ > verify_certificate = yes > require_certificate = yes > private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem > certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem > ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem > server_name = test.mytest.com > > [client:default] > method = TLSv1.2+ > verify_certificate = yes > require_certificate = yes > private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem > certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem > ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem > > Please suggest what I am missing. > > --- > > Thanks, > -- Thanks,
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
