Hey John,
Apologies on the late reply, was away for the whole week.
All your questions have been checked and ruled out.
However, I still not able to resolve it. Hence, I decided to approach it
differently with manual loadparam
loadmodule "tls.so"
#modparam("tls", "config", "/etc/kamailio/tls/tls.cfg")
modparam("tls", "tls_method", "TLSv1.2+") # Force TLS 1.2+ for all connections
modparam("tls","require_certificate",1)
modparam("tls","verify_certificate",1)
modparam("tls","verify_depth",9)
modparam("tls","certificate","/etc/kamailio/tls/certificate.pem")
modparam("tls","private_key","/etc/kamailio/tls/private_key.pem")
modparam("tls","ca_list","/etc/kamailio/tls/server_cas.pem")
Now it is showing that the TLS connectivity exist, but I know can’t let the
Kamailio docker run properly and I keep receiving this log message
0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding
to source address 192.168.254.19:5061 failed: [Address in ue] [98]
0(1) DEBUG: tls [tls_server.c:242]: tls_complete_init(): completing tls
connection initialization
0(1) DEBUG: tls [tls_server.c:204]: tls_get_connect_server_name(): xavp with
outbound server name not found
0(1) DEBUG: tls [tls_server.c:178]: tls_get_connect_server_id(): xavp with
outbound server id not found
0(1) DEBUG: tls [tls_server.c:185]: tls_get_connect_server_id(): outbound
server id not set
Just to confirm, does it mean that I cant be using the TLS listen port and
output port the same?
Best regards,
Timothy
From: Who AmI <myfriendjo...@gmail.com>
Sent: Monday, June 16, 2025 6:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Timothy Delin <timothy.de...@singtel.com>
Subject: Re: [SR-Users] kamailio tls module not loading
[CAUTION: External email] Do not click links or open attachments unless you
recognize the sender and know the content is safe.
___
Hi there,
A few quick questions just to rule out the simple stuff.
- I don't see it, but I assume you have added "loadmodule "tls.so"" to the cfg?
- In the file: /etc/kamailio/modules/tls.cfg - this points to the path where
the certs are - is that path accessible by the kamailio process for read
access? (0600 with owner kamailio or 644 with owner root etc)
- Correctly named path and cert name as well in the above file?
Hope this helps.
John.
On Mon, 16 Jun 2025 at 10:30, Timothy Delin via sr-users
<sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>> wrote:
Hi everyone,
I am facing an issue where I cannot load the TLS module in my Kamailio server.
I keep receiving this error message
"0(1) ERROR: <core> [core/sr_module.c:529]: ksr_locate_module(): could not find
module <tls> in </usr/local/lib64/kamailio/modules>
0(1) CRITICAL: <core> [core/cfg.y:4015]: yyerror_at(): parse error in config
file /etc/kamailio/modules/tls.cfg, line 1, column 12-19: failed to load module"
The Kamailio that I run has this configuration
version: kamailio 5.8.6 (x86_64/linux) 6c71d5
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE,
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC,
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT,
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES,
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE
262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 6c71d5
compiled on 04:12:34 Jun 6 2025 with gcc 12.2.1
-------------------------------------------------------------------
#global.cfg
debug=2
log_stderror=no
memdbg=5
memlog=5
log_facility=LOG_LOCAL0
log_prefix="{$mt $hdr(CSeq) $ci} "
/* number of SIP routing processes */
children=2
/* Defining interfaces */
#!substdef "!PUBLICIP!$env(PUBLICIP)!"
#!substdef "!UDPPORT!$env(UDPPORT)!"
#!substdef "!PUBLIC_UDP_SOCKET!udp:PUBLICIP:UDPPORT!"
/* Need for TLS Support */
#!substdef "!PUBLIC_TLS_SOCKET!TLS:PUBLICIP:5061!"
#!substdef "!COREIP!$env(COREIP)!"
#!substdef "!UDPPORT!$env(UDPPORT)!"
#!substdef "!CORE_UDP_SOCKET!udp:COREIP:UDPPORT!"
#!substdefs "!CORESUBNET!$env(CORESUBNET)!"
/* listen addresses */
listen=PUBLIC_UDP_SOCKET
listen=CORE_UDP_SOCKET
/* Need for TLS Support */
listen=tls:0.0.0.0:5061<http://0.0.0.0:5061>
#!substdef "!DBUSERNAME!$env(DBUSERNAME)!"
#!substdef "!DBPASSWORD!$env(DBPASSWORD)!"
#!substdef "!DBHOST!$env(DBHOST)!"
#!substdef "!DBNAME!$env(DBNAME)!"
#!define DBURL "mysql://DBUSERNAME:DBPASSWORD@DBHOST/DBNAME"
#!define HTTP_API_ROUTING_ENDPOINT "http://172.16.254.30:5000/api/routing";
----------------------------------------------------------------
#kamailio.cfg
####### Enable TLS ########
enable_tls=yes
####### Core Modules Section ########
include_file "/etc/kamailio/modules-core.cfg"
####### Global Parameters #########
include_file "/etc/kamailio/globals.cfg"
####### Other Modules Section ########
include_file "/etc/kamailio/modules.cfg"
####### Custom Parameters #########
/* These parameters can be modified runtime via RPC interface
* - see the documentation of 'cfg_rpc' module.
*
* Format: group.id<http://group.id> = value 'desc' description
* Access: $sel(cfg_get.group.id<http://cfg_get.group.id>) or
@cfg_get.group.id<http://cfg_get.group.id> */
####### Routing Logic ########
include_file "/etc/kamailio/routes.cfg"
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
To unsubscribe send an email to
sr-users-le...@lists.kamailio.org<mailto:sr-users-le...@lists.kamailio.org>
Important: keep the mailing list in the recipients, do not reply only to the
sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
sr-users@lists.kamailio.org
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
