Hi Francisco,
OK, the CP and TLS part is now working OK; you have moved into a different area,
the MST one :P. Have you checked
https://blog.opensips.org/2019/09/16/opensips-as-ms-teams-sbc/ ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 8/17/22 7:55 PM, Francisco Neto wrote:
About the parameter "TLSv1-", everything is OK after the reload. No DB
errors.
I've found other difficulties, but with the changes below OpenSIPS
is running fine with tls_mgm on DB now.
First I changed the memory parameter and started OpenSIPS with
256 MB of memory and package memory.
Then the error changed again, and I discovered that in the conf file
I had specified the "CA Directory", so I filled it in on the CP too and all
errors disappeared.
Now my difficulty is correctly establishing communication with
Microsoft Teams. I don't know what I'm doing wrong, but MS is not
identifying my SIP options….
On Aug 17, 2022 at 13:17 -0300, Bogdan-Andrei Iancu
<[email protected]> wrote:
You can add extra methods in the combo, not a problem - the question
is if opensips will understand it when loading from DB - do you see
any errors on reload ?
Regards,
Bogdan-Andrei Iancu
On 8/17/22 5:52 PM, Francisco Neto wrote:
Hi Bogdan-Andrei!!
I've made the changes to the code as you requested. In the CP I could
fill in match_sip_domain with * and update the item; after that, the
errors in the log file changed a lot.
Below are the errors that are appearing now.
By the way, directly in the config file the SSL method that worked
better for me was "TLSv1-". This option didn't exist in
tviewer.inc.php, but I have created it in the file. Is there
any problem with adding a new valid combo option?
Thanks!
ERROR:proto_tls:proto_tls_send: failed to send
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tm:msg_send:
send() to 52.114.76.76:5061 for proto tls/3 failed
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tm:t_uac:
attempt to send to 'sip:sip2.pstnhub.microsoft.com:5061' failed
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: SSL_ERROR_SYSCALL
err=Resource temporarily unavailable(11)
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
52.114.76.76:5061 failed
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: TLS error: 5 (ret=-1)
err=Resource temporarily unavailable(11)
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
52.114.14.70:5061 failed
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: TLS error: 1 (ret=-1)
err=Success(0)
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:tls_print_errstack: TLS errstack:
error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
On Aug 17, 2022 at 04:29 -0300, Bogdan-Andrei Iancu
<[email protected]> wrote:
Hi Francisco,
Please check
https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c
- update again and give it a try by adding "*" for the match_domain
Regards,
Bogdan-Andrei Iancu
On 8/16/22 11:32 PM, Francisco Neto wrote:
Hi Bogdan-Andrei!
Actually I've tried leaving the SIP domain blank, with * (it
didn't let me press update on the CP), and with the client certificate
(FQDN and domain part only), and in all scenarios the error is the
same, as described below:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for
conn 0x7efe29a648a8
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the
socket
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061 for proto tls/3 failed
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac:
attempt to send to 'sip:sip.pstnhub.microsoft.com:5061' failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for
conn 0x7efe29b341a8
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the
socket
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac:
attempt to send to 'sip:sip2.pstnhub.microsoft.com:5061' failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for
conn 0x7efe29a17ec8
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the
socket
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.14.70:5061 for proto tls/3 failed
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac:
attempt to send to 'sip:sip3.pstnhub.microsoft.com:5061' failed
Below is my current config section for TLS:
loadmodule "proto_tls.so"
modparam("proto_tls", "tls_max_msg_chunks", 8)
modparam("proto_tls", "tls_handshake_timeout", 600)
modparam("proto_tls", "tls_send_timeout", 2000)
loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"
modparam("tls_mgm", "db_url", "mysql://opensips:XXXXXXXXXX@localhost/opensips")
modparam("tls_mgm", "db_table", "tls_mgm")
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
On Aug 11, 2022 at 12:59 -0300, Bogdan-Andrei Iancu
<[email protected]> wrote:
Hi Francisco,
So, if you use a wildcard for match_sip_domain in the client TLS
domain, it doesn't work for you?
Regards.
Bogdan-Andrei Iancu
On 8/10/22 5:03 PM, Francisco Neto wrote:
Hi Bogdan-Andrei!
I've made the changes and now I can edit the TLS certificates
normally through the control panel, but I still have a problem.
If I configure the certificate directly in the configuration
file, the connection with Microsoft Teams is correctly
established; if I configure it through the control panel, I get
the following messages in the log:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init
for conn 0x7f22a5f993d0
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the
socket
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061 for proto tls/3
failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to
'sip:sip.pstnhub.microsoft.com' failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init
for conn 0x7f22a5f91420
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the
socket
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3
failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to
'sip:sip2.pstnhub.microsoft.com' failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_connect_blocking_timeout: connect timed out,
599667 us elapsed out of 600000 us
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.32.169:5061 for proto tls/3
failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to
'sip:sip3.pstnhub.microsoft.com' failed
Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
I am attaching the screenshot of the control panel, and
below is the configuration that works.
If it isn't related to the same problem, tell me and I will send the
message to the open list, OK!
Thanks!
# TLS CLIENT
#modparam("tls_mgm", "client_domain", "sbcsothis")
#modparam("tls_mgm", "match_sip_domain", "[sbcsothis]*")
#modparam("tls_mgm", "match_ip_address", "[sbcsothis]*")
#modparam("tls_mgm", "verify_cert", "[sbcsothis]1")
#modparam("tls_mgm", "require_cert", "[sbcsothis]1")
#modparam("tls_mgm", "tls_method", "[sbcsothis]TLSv1-")
#modparam("tls_mgm", "certificate", "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")
#modparam("tls_mgm", "private_key", "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")
#modparam("tls_mgm", "ca_list", "[sbcsothis]/etc/ssl/certs/ca-certificates.crt")
#modparam("tls_mgm", "ca_dir", "[sbcsothis]/etc/ssl/certs/")
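
Added example (not part of the original thread and not OpenSIPS project code): a small Python triage of the wrapped syslog output quoted above. It rejoins mail-wrapped lines and ties the two TLS failures seen in the thread to the destination they affected; the function names unwrap and triage and the hint strings are assumptions, the hints restating what resolved each error in this thread.

```python
import re
from collections import defaultdict
# Constructed sample, in the wrapped shape of the logs quoted in this thread.
SAMPLE = """\
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061 for proto tls/3 failed
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
52.114.14.70:5061 failed
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:tls_print_errstack: TLS errstack:
error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
PID = re.compile(r"opensips\[(\d+)\]")
DEST = re.compile(r"(?:send\(\) to|New TLS connection to) (\d+\.\d+\.\d+\.\d+:\d+)")
# Assumption: hints restate what resolved each error in the thread.
CAUSES = {
    "no TLS client domain found": "client domain not matched: check match_sip_domain",
    "certificate verify failed": "peer cert not verified: check ca_list / ca_dir",
}

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their timestamped record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Map destination -> sorted hints, correlating records by worker PID."""
    pending, last_dest, out = defaultdict(list), {}, defaultdict(set)
    for rec in unwrap(text):
        pid = m.group(1) if (m := PID.search(rec)) else "?"
        dest, hint = DEST.search(rec), next((h for k, h in CAUSES.items() if k in rec), None)
        if dest:
            last_dest[pid] = dest.group(1)
            out[dest.group(1)].update(pending.pop(pid, []))  # causes logged before the send
        elif hint and "tls_print_errstack" in rec and pid in last_dest:
            out[last_dest[pid]].add(hint)  # errstack follows the connect line
        elif hint:
            pending[pid].append(hint)
    return {d: sorted(h) for d, h in out.items()}
```

A destination that maps to an empty list failed without one of the two recognised causes, for example the connect timeout seen in the Aug 10 log.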