Yes. You can use avp for this. https://opensips.org/docs/modules/3.1.x/tls_mgm.html#param_client_sip_domain_avp
--
Nick

On Mon, May 10, 2021 at 16:09, Carlos Eduardo <[email protected]> wrote:

> Hey all,
>
> About using the right certificate, is it possible to ensure opensips is
> going to use the right one when multiple are set in tls_mgm?
>
> On Mon, May 10, 2021 at 04:41, Răzvan Crainea <[email protected]> wrote:
>
>> Hi, Miha!
>>
>> According to your logs, opensips is 100% sending the OPTIONS through
>> tls, but I am not sure it is using the right certificate.
>> You can try to set up sip trace and see the communication between
>> opensips and MSTeams.
>>
>> Best regards,
>>
>> Răzvan Crainea
>> OpenSIPS Core Developer
>> http://www.opensips-solutions.com
>>
>> On 5/10/21 9:54 AM, Miha via Users wrote:
>> > Hello
>> >
>> > I have used letsencrypt for generating certs for Opensips.
>> >
>> > Regarding configuration I have followed your configuration steps on
>> > OpenSips blog.
>> >
>> > socket=udp:xxx.xxx.xxx.xxx:5060 # CUSTOMIZE ME
>> > socket=tls:xxx.xxx.xxx.xxx:5061
>> >
>> > ### Proto TLS
>> > loadmodule "proto_tls.so"
>> > modparam("proto_tls", "tls_handshake_timeout", 300)
>> > #### TLS module
>> > loadmodule "tls_mgm.so"
>> > #modparam("tls_mgm", "db_url", "mysql://root:xxxx@localhost/opensips")
>> > modparam("tls_mgm", "client_sip_domain_avp", "mtsbcs.test.com")
>> > modparam("tls_mgm", "server_domain", "mt")
>> > #modparam("tls_mgm", "match_ip_address", "[mt]xxx.xxx.xxx.xxx:5061")
>> > #modparam("tls_mgm", "match_sip_domain", "[mt]mtsbcs.test.com")
>> > modparam("tls_mgm", "certificate", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
>> > modparam("tls_mgm", "private_key", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
>> > modparam("tls_mgm", "ca_list", "[mt]/etc/ssl/certs/ca-certificates.crt")
>> > modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")
>> > modparam("tls_mgm","verify_cert", "[mt]1")
>> > modparam("tls_mgm","require_cert", "[mt]1")
>> > modparam("tls_mgm","tls_method", "[mt]TLSv1_2")
>> > modparam("proto_tls", "tls_max_msg_chunks", 8)
>> > #modparam("tls_mgm", "tls_handshake_timeout", 300)
>> >
>> > if(is_method("OPTIONS") && is_domain_local("$rd") && check_source_address(0)) {
>> >     xlog("L_INFO", "[MS TEAMS] OPTIONS In");
>> >     send_reply(200, "OK");
>> >     exit;
>> > }
>> >
>> > local_route {
>> >     $var(dst) = "pstnhub.microsoft.com";
>> >     xlog("L_INFO","promding TEST");
>> >     xlog("TESTING");
>> >     if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)}) != NULL))
>> >         append_hf("Contact: <sip:mtsbcs.test.com:5061;transport=tls>\r\n");
>> >     xlog("L_INFO", "SEDING OPTIONS TO SBC");
>> > }
>> >
>> > I think that the main issue is that OPENSIPS does not send encrypted
>> > OPTION to MS teams.
>> >
>> > Logs:
>> >
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: next_hop=<sip:sip.pstnhub.microsoft.com>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS lookup...
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no port, has proto -> do SRV lookup!
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: resolving [sip.pstnhub.microsoft.com]
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: SRV(_sips._tcp.sip.pstnhub.microsoft.com) = sip.pstnhub.microsoft.com:5061
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing sip2.pstnhub.microsoft.com:5061
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing sip3.pstnhub.microsoft.com:5061
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket is 212.13.249.132
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri: sip:sip.pstnhub.microsoft.com
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: building sip_msg from buffer
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP Request:
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: method: <OPTIONS>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: uri: <sip:sip.pstnhub.microsoft.com>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: version: <SIP/2.0>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK8d8a.3706b135.0>; state=16
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of header reached, state=5
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via found, flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this is the first via
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of header reached, state=9
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: display={}, ruri={sip:sip.pstnhub.microsoft.com}
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: <To> [31]; uri=[sip:sip.pstnhub.microsoft.com]
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to body [sip:sip.pstnhub.microsoft.com#015#012]
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq <CSeq>: <14> <OPTIONS>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: content_length=0
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: found end of header
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=78
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: Change in local route -> rebuilding buffer
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: flags = 15
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 2 extracted as <To: sip:sip.pstnhub.microsoft.com#015#012>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 1 extracted as <From: <sip:prober@localhost>;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 8 extracted as <Call-ID: [email protected]#015#012>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.75.24
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [0]: 0x7f45d7e066b0 (1625)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: Cancel sent out, sending 408 (0x7f45d7e06460)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response: T_code=0, new_code=408
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked branch 0, code 408 (prio=800)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure: dns-failover test: branch=0, last_recv=408, flags=0
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response: trying DNS-based failover
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new destination available
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv proto=3
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.132.46
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.14.70
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: branch=0, save=0, winner=0
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local transaction completed
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks: trans=0x7f45d7e06460, callback type 256, id 0 entered
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [2]: 0x7f45d7e064e0 (1630)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: done
>> >
>> > Thank you
>> > miha
>> >
>> > _______________________________________________
>> > Users mailing list
>> > [email protected]
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> --
> *Carlos E. Wagner*
> *Telecommunications Technologist, Opensips Certified Professional*
>
> *Phone: +55 48 99981-0894*
> *E-mail:* [email protected]
> *LinkedIn:* https://www.linkedin.com/in/carlos-eduardo-wagner-96bbb433/
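Added example (not part of the thread and not the OpenSIPS project's own configuration): choosing between two client certificates in tls_mgm with client_sip_domain_avp, the parameter linked in the reply above. The domain names peer_a and peer_b, the AVP name tls_sip_dom, the example.com hostnames, the file paths and the route names are assumptions, and the tm module is assumed to be loaded already.

```opensips
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"

# client_sip_domain_avp takes the NAME of an AVP, not a hostname.
# The script stores a SIP domain in that AVP before relaying, and tls_mgm
# compares the value with match_sip_domain of each client domain.
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")   # AVP name is an assumption

# Client domain "peer_a": certificate presented on connections to the first peer
modparam("tls_mgm", "client_domain", "peer_a")
modparam("tls_mgm", "match_ip_address", "[peer_a]*")          # any destination address
modparam("tls_mgm", "match_sip_domain", "[peer_a]sbc-a.example.com")
modparam("tls_mgm", "certificate", "[peer_a]/etc/opensips/tls/sbc-a/cert.pem")
modparam("tls_mgm", "private_key", "[peer_a]/etc/opensips/tls/sbc-a/privkey.pem")
modparam("tls_mgm", "ca_list", "[peer_a]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[peer_a]1")               # validate the peer's certificate
modparam("tls_mgm", "tls_method", "[peer_a]TLSv1_2")

# Client domain "peer_b": a different certificate for the second peer
modparam("tls_mgm", "client_domain", "peer_b")
modparam("tls_mgm", "match_ip_address", "[peer_b]*")
modparam("tls_mgm", "match_sip_domain", "[peer_b]sbc-b.example.com")
modparam("tls_mgm", "certificate", "[peer_b]/etc/opensips/tls/sbc-b/cert.pem")
modparam("tls_mgm", "private_key", "[peer_b]/etc/opensips/tls/sbc-b/privkey.pem")
modparam("tls_mgm", "ca_list", "[peer_b]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[peer_b]1")
modparam("tls_mgm", "tls_method", "[peer_b]TLSv1_2")

# Hypothetical routes: set the AVP to the SIP domain of the client domain
# whose certificate should be used, then relay over TLS.
route[to_peer_a] {
    $avp(tls_sip_dom) = "sbc-a.example.com";
    t_relay();
}

route[to_peer_b] {
    $avp(tls_sip_dom) = "sbc-b.example.com";
    t_relay();
}
```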
