Hi Greg,
I am sending my openser.cfg. Pls check it.I am able to register( without tls) with polycom phones.
Regards,
jeevan
---------- Forwarded message ----------
From: Gregoire <[EMAIL PROTECTED]>
Date: Oct 16, 2006 4:24 PM
Subject: Re: [Users] Registration of Polycom SoundPointIP phone with OpenSER
To: jeevan ravula <[EMAIL PROTECTED]>
Cc: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
Could you send your configuration file?
Have you check your log on the server?
If you disable TLS, does it work?
Regards
Greg
jeevan ravula wrote:
> Hi Gregoire, Thank you for your help.My certificate has validity
> period of 1 year.I have some interesting observations to share
>
> from what you said the clock wasn't the same for openser and
> polycom phone.Ihave set the clock of both openser and polycom phone
> to same.
>
> The polycom phone got registered to openser.
>
> Now I tried communicating b/w two polycom phones via openser(with
> TLS support).The call gets established randomly.Initially it was
> only in one direction but once managed to establish in other
> direction.
>
> But once the phone gets registered to openser proxy,the time clock
> aspect is getting irrelavant.Because each time I boot from boot
> server the clock time changes to default settings but still manages
> to register with openser.
>
> Even though both the polycom phones(soundpointIp 430) are
> register.I am unable to establish communication b/w them.The
> calling party call doesn't get forwarded to the callee.I am unable
> to understand the reason.Can you explain me if possible?
>
> Thanks, Jeevan.
>
>
>
>
> On 10/15/06, Gregoire <[EMAIL PROTECTED]> wrote:
>>
>> Hi! Have you check the validity of the certificate? When it
>> begins, when it ends?Are the clock from Openser and the client
>> the same or are they different from any hours?What ssldump give
>> you as output?
>>
>> Regards
>>
>> Greg jeevan ravula wrote:
>>
>>> Hi all,
>>>
>>> I am using Polycom SoundPointIP phone as User Agent.I want to
>> register
>>> Polycom phone with OpenSER(with TLS support) server.Can anybody
>>> help me out in this regard?
>>>
>>> I have generated my rootCA and given to polycom phone.The
>>> polycom phone does not accept certificate from openser server
>>> side.It shows bad certificate.
>>>
>>> anybody who has used polycom phone earlier can help me out in
>>> this matter.I shall be greatful to them
>>>
>>> Regards, Jeevan.
>>>
>>> ------------------------------------------------------------------------
>>>
>>
>>>
>>> _______________________________________________ Users mailing
>>> list [email protected]
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFM2THI8gmGeMTr0sRAkb+AJ4rTeQHRHky3vBF8K+yGWaYaRtN5gCdEYnW
q2UswIApJ6InszFrkF96PC8=
=Eh+P
-----END PGP SIGNATURE-----
---------- Forwarded message ----------
From: Gregoire <[EMAIL PROTECTED]>
Date: Oct 16, 2006 4:24 PM
Subject: Re: [Users] Registration of Polycom SoundPointIP phone with OpenSER
To: jeevan ravula <[EMAIL PROTECTED]>
Cc: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
Could you send your configuration file?
Have you check your log on the server?
If you disable TLS, does it work?
Regards
Greg
jeevan ravula wrote:
> Hi Gregoire, Thank you for your help.My certificate has validity
> period of 1 year.I have some interesting observations to share
>
> from what you said the clock wasn't the same for openser and
> polycom phone.Ihave set the clock of both openser and polycom phone
> to same.
>
> The polycom phone got registered to openser.
>
> Now I tried communicating b/w two polycom phones via openser(with
> TLS support).The call gets established randomly.Initially it was
> only in one direction but once managed to establish in other
> direction.
>
> But once the phone gets registered to openser proxy,the time clock
> aspect is getting irrelavant.Because each time I boot from boot
> server the clock time changes to default settings but still manages
> to register with openser.
>
> Even though both the polycom phones(soundpointIp 430) are
> register.I am unable to establish communication b/w them.The
> calling party call doesn't get forwarded to the callee.I am unable
> to understand the reason.Can you explain me if possible?
>
> Thanks, Jeevan.
>
>
>
>
> On 10/15/06, Gregoire <[EMAIL PROTECTED]> wrote:
>>
>> Hi! Have you check the validity of the certificate? When it
>> begins, when it ends?Are the clock from Openser and the client
>> the same or are they different from any hours?What ssldump give
>> you as output?
>>
>> Regards
>>
>> Greg jeevan ravula wrote:
>>
>>> Hi all,
>>>
>>> I am using Polycom SoundPointIP phone as User Agent.I want to
>> register
>>> Polycom phone with OpenSER(with TLS support) server.Can anybody
>>> help me out in this regard?
>>>
>>> I have generated my rootCA and given to polycom phone.The
>>> polycom phone does not accept certificate from openser server
>>> side.It shows bad certificate.
>>>
>>> anybody who has used polycom phone earlier can help me out in
>>> this matter.I shall be greatful to them
>>>
>>> Regards, Jeevan.
>>>
>>> ------------------------------------------------------------------------
>>>
>>
>>>
>>> _______________________________________________ Users mailing
>>> list [email protected]
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFM2THI8gmGeMTr0sRAkb+AJ4rTeQHRHky3vBF8K+yGWaYaRtN5gCdEYnW
q2UswIApJ6InszFrkF96PC8=
=Eh+P
-----END PGP SIGNATURE-----
# # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
listen = 172.21.67.46 # Add by Mohit on 7 Sep
port=5060
children=4
fifo="/tmp/openser_fifo"
#
# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:172.21.67.46:5061
tls_verify = 1
tls_require_certificate = 0
tls_method =SSLv23 #TLSv1
tls_certificate =
"/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-cert.pem"
tls_private_key =
"/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-privkey.pem"
tls_ca_list =
"/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-calist.pem"
tls_handshake_timeout=119
tls_ciphers_list=
"ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5"
#"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
tls_send_timeout=121
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/openser/modules/auth.so"
#loadmodule "/usr/local/lib/openser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
#modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
#if(uri=~"@tls_domain1.net") {
# t_relay_to_tls("IP_domain1","port_domain1");
# exit;
#} else if(uri=~"@tls_domain2.net") {
# t_relay_to_tls("IP_domain2","port_domain2");
# exit;
#}
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest
authentication
#if (!www_authorize("openser.org", "subscriber")) {
#www_challenge("openser.org", "0");
#exit;
#};
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
_______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
