I got an idea, set
alias="your domain"
in the config file. I guess the client does not set any port and
protocol in the R-URI and since OpenSER listen only on 5061,
"uri==myself" does not match.
Try this, and let me know if it works.
Cheers,
Daniel
On 04/13/06 12:55, Daniel-Constantin Mierla wrote:
On 04/13/06 12:52, Daniel-Constantin Mierla wrote:
Hello,
could you send a network trace (ngrep)?
actually, ssldump to sniff tls connections.
Cheers,
Daniel
Another case when the request is forwarded in your script, is for the
messages outside of your domain (not matching uri==myself).
Cheers,
Daniel
On 04/13/06 12:32, Christoph Fürstaller wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The contact and socket in the location table is only TLS. No entry
for UDP.
And I don't have any entries in alias table.
chris...
Daniel-Constantin Mierla wrote:
Hello,
maybe the clients register non-TLS contacts, take a look in the
location
table. Also, in aliases, you may have some addresses that point to
external domains.
Cheers,
Daniel
On 04/13/06 12:05, Christoph Fürstaller wrote:
Hi Daniel,
Daniel-Constantin Mierla wrote:
Hello,
On 04/13/06 11:52, Christoph Fürstaller wrote:
Hi,
I tried that out. I check if proto is TLS:
if (proto != TLS) {
sl_send_reply("403", "Forbidden");
exit;
};
But I get this error:
3(28893) ERROR:tm:add_uac: can't fwd to af 2, proto 1 (no
corresponding listening socket)
3(28893) ERROR:tm:t_forward_nonack: failure to add branches
3(28893) ERROR:tm:t_relay_to: t_forward_nonack returned error
What does it mean? What I'm doing wrong?
My SER is only listening on tls port 5061. Do I still have to
open udp
5060 ?
it seems that you try to forward on UDP.
I figured that out too. But I don't know which part forwardes
something
on UDP? I attached my conf. Can you give it a quick look?
You can configure openser to
listen on UDP as well, and drop messages coming on UDP, if you
want to
accept only TLS. (as you have in above snippet). If all peers you
connect to support TLS, then you can forse sending over TLS all
the
time.
Cheers,
Daniel
chris...
Cesc wrote:
http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6c17b007ea61fa37b86b391ce1b2a80f#tcp
On 4/11/06, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
I searched for this function, but I didn't found it :-(
Knows anyone the correct code, not only pseudo-code?
Torsten
-----Ursprüngliche Nachricht-----
Von: Cesc [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 11. April 2006 14:03
An: Haupt, Thorsten
Cc: [email protected]
Betreff: Re: [Users] Allow only TLS connections
I think in openser there is a function to check what
transport the
message came in ... you can do something like:
if ( transport != TLS ) {
send error to UA
break;
}
Cesc
On 4/11/06, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
Hello,
I use OpenSER in a testing environment for VoIP security. My
clients
connect via TLS. If I deactivate UDP/5060 on the server, it
doesn't
work correct.
Some Clients can't connect and others can't establish calls. I
read in
another thread, that UDP is mandatory for SIP and that the
server
need it.
But how can I prevent users from connecting via UDP and force
them to
use TLS? I tried a firewall, blocking UDP and TCP on port
5060.
But is
this the correct way? Are there any parameters server-side
to force
users to connect via TLS?
Thanks for response.
Torsten
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEPhq7R0exH8dhr/YRAl59AKCX48Li98lcSElrrbtDTOdl1QeJIwCgkcnQ
IH4j1N1grf2PVLeEYJ0Nvfs=
=tsRB
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
