Hi Bogdan-Andrei!
Actually I’ve tried with using sip domain as blank, with * it didn’t let me
press update on CP, and with the client certificate (fqdn and domain part only)
and in all scenarios the error is the same as described below:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_conn_create:
failed to do proto 3 specific init for conn 0x7efe29a648a8
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_sync_connect:
tcp_conn_create failed, closing the socket
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: send() to
52.114.132.46:5061 for proto tls/3 failed
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: attempt to
send to 'sip:sip.pstnhub.microsoft.com:5061' failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_conn_create:
failed to do proto 3 specific init for conn 0x7efe29b341a8
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_sync_connect:
tcp_conn_create failed, closing the socket
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: send() to
52.114.76.76:5061 for proto tls/3 failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: attempt to
send to 'sip:sip2.pstnhub.microsoft.com:5061' failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_conn_create:
failed to do proto 3 specific init for conn 0x7efe29a17ec8
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_sync_connect:
tcp_conn_create failed, closing the socket
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: send() to
52.114.14.70:5061 for proto tls/3 failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: attempt to
send to 'sip:sip3.pstnhub.microsoft.com:5061' failed
Below is my actual config section about TLS
loadmodule "proto_tls.so"
modparam("proto_tls","tls_max_msg_chunks", 8)
modparam("proto_tls","tls_handshake_timeout", 600)
modparam("proto_tls", "tls_send_timeout", 2000)
loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"
modparam("tls_mgm", "db_url","mysql://opensips:XXXXXXXXXX@localhost/opensips")
modparam("tls_mgm", "db_table", "tls_mgm")
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
[cid:F4F396411D0249C49A1BE4F226E20C17]
Em 11 de ago. de 2022 12:59 -0300, Bogdan-Andrei Iancu <[email protected]>,
escreveu:
Hi Francisco,
So, if you use wildcard for match_sip_domain in the client TLS domain, doesn't
work for you ?
Regards.
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 8/10/22 5:03 PM, Francisco Neto wrote:
Hi Bogdan-Andrei!
I’ve made the changes and now I can edit the TLS certificates normally by
control panel but I continue having a problem.
If I configure the certificate directly on the configuration file the
connection with Microsoft Teams is correctly established, if I configure
through control panel, I receive on log the following messages:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_conn_create:
failed to do proto 3 specific init for conn 0x7f22a5f993d0
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect:
tcp_conn_create failed, closing the socket
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to
52.114.132.46:5061 for proto tls/3 failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to
send to 'sip:sip.pstnhub.microsoft.com' failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_conn_create:
failed to do proto 3 specific init for conn 0x7f22a5f91420
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect:
tcp_conn_create failed, closing the socket
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to
52.114.76.76:5061 for proto tls/3 failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to
send to 'sip:sip2.pstnhub.microsoft.com' failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_connect_blocking_timeout: connect timed out, 599667 us elapsed
out of 600000 us
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to
52.114.32.169:5061 for proto tls/3 failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to
send to 'sip:sip3.pstnhub.microsoft.com' failed
Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
I will send attached the screenshot of the control panel and below the
configuration that works.
If it isn’t related to the same problem tell me and I send the message to the
open list ok!
Thanks!
# TLS CLIENT
#modparam("tls_mgm", "client_domain", "sbcsothis")
#modparam("tls_mgm", "match_sip_domain", "[sbcsothis]*")
#modparam("tls_mgm", "match_ip_address", "[sbcsothis]*")
#modparam("tls_mgm", "verify_cert", "[sbcsothis]1")
#modparam("tls_mgm", "require_cert", "[sbcsothis]1")
#modparam("tls_mgm", "tls_method", "[sbcsothis]TLSv1-")
#modparam("tls_mgm", "certificate",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")
#modparam("tls_mgm", "private_key",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")
#modparam("tls_mgm", "ca_list", "[sbcsothis]/etc/ssl/certs/ca-certificates.crt")
#modparam("tls_mgm", "ca_dir", "[sbcsothis]/etc/ssl/certs/")Config file
[cid:[email protected]]
Em 10 de ago. de 2022 04:50 -0300, Bogdan-Andrei Iancu
<[email protected]><mailto:[email protected]>, escreveu:
Hi Francisco,
Thanks for the info, it seems it was an issue with the validation regexp, see
https://github.com/OpenSIPS/opensips-cp/commit/7558bc7e36c03293858c7086edfc724d56a2b9b4
So please update from GIT or TAR and give it a try (or simply do a manual
change as per the diff link).
Let me know if it works now.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 8/9/22 11:46 PM, Francisco Neto wrote:
Hi Bogdan-Andrei! How are you!
Below is all the information that you have request ok, fell free to ask me if
you need something more!
version: opensips 3.2.5 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC,
F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
main.c compiled on with gcc 10
Opensips Control Panel 9.3.2
Debian Version 11.2
Thank you very much for the help!
[cid:[email protected]]
Em 9 de ago. de 2022 05:39 -0300, Bogdan-Andrei Iancu
<[email protected]><mailto:[email protected]>, escreveu:
Hi Francisco,
I guess you are talking about managing certificates via the Control Panel,
right ? if so, what version of OpenSIPS and OpenSIPS CP are you using ? Also,
could you provide a screenshot of the add / update form, showing the issue? IF
you have any sensitive data, please send the screenshot privately to me.
Best regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 8/3/22 9:27 PM, Francisco Neto via Users wrote:
Hi All!
I’ve just installed open sips and everything is working ok, except the TLS
Management interface.
When I try to add ou update any entry, it only accept “Network Address” as “*”.
If I type the IP address as x.x.x.x:port or “x.x.x.x:port” or ‘x.x.x.x:port’ it
always complain with the following message: Failed to validate input for
match_ip_address
Can someone give me a tip of how should I write the IP address or if it a bug?
Thanks!
[cid:[email protected]]
_______________________________________________
Users mailing list
[email protected]<mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
