<div dir="ltr"><div>Hi all,</div><div><br></div><div>i try to configure an SBC OS config [1] based kamailio 5.2.3 [2] with dispatcher and rtpengine.</div><div>I used transport=tcp to see the plain traffic and then switched to TLS (with tls.cfg, valid certificate and stuff).</div><div><br></div><div>After starting up, the Target is marked as "down".</div><div>Due the encryption its hard to debug that. <br></div><div>Any hints? Did i made an mistake in the configuration?</div><div><br></div><div>TLS calls from the target to my kamailio proxy works. So its "half broken" :) at the moment.</div><div><br></div><div>[1]</div><div><a href="https://github.com/voiceboys/sbcOS/blob/master/SbcOS/configs/voice/kamailio/kamailio.cfg">https://github.com/voiceboys/sbcOS/blob/master/SbcOS/configs/voice/kamailio/kamailio.cfg</a> <br></div><div><br></div><div>[2]</div><div>kamailio -v</div><div>version: kamailio 5.2.3 (x86_64/linux) c36229<br>flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES<br>ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB<br>poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.<br>id: c36229<br>compiled on 11:28:11 May 22 2019 with gcc 4.8.5<br></div><br><br>-- %< --------------------- kamctl dispatcher dump<br> "SET": {<br> "ID": 1004,<br> "TARGETS": [{<br> "DEST": {<br> "URI": "sip:<a href="http://sip101.example.de">sip101.example.de</a>;transport=tls",<br> "FLAGS": "TP",<br> "PRIORITY": 0,<br> "ATTRS": {<br> "BODY": "access=212.xx.xx.xx:5061;socket=tls:212.xx.xx.xx:5061;weight=100;ping_from=sip:<a href="http://mykamailio.example.de">mykamailio.example.de</a>",<br> "DUID": "",<br> "MAXLOAD": 0,<br> "WEIGHT": 100,<br> "RWEIGHT": 0,<br> "SOCKET": "tls:212.xx.xx.xx:5061"<br> },<br> "LATENCY": {<br> "AVG": 30000,<br> "STD": 0,<br> "EST": 30000,<br> "MAX": 30000,<br> "TIMEOUT": 1<br> }<br> }<br> }]<br> }<br> },<br>-- %< --------------------- kamctl dispatcher dump <br><div> <br> WARNING: <script>: Destination down: OPTIONS ru=<a href="http://sip101.example.de">sip101.example.de</a>;transport=tls du=<null><div><br></div><div><br></div><div>-- %< --------------------- tls.cfg</div><div>[server:default]<br>method = TLSv1<br>verify_certificate = no<br>require_certificate = no<br>private_key = /etc/pki/tls/private/mykamailio.example.de.pem<br>certificate = /etc/pki/tls/private/mykamailio.example.de.pem<br>server_name = <a href="http://mykamailio.example.de">mykamailio.example.de</a><br><br>[server:212.xx.xx.xx:5061]<br>method = TLSv1+<br>verify_certificate = no<br>require_certificate = no<br><br>private_key = /etc/pki/tls/private/mykamailio.example.de.pem<br>certificate = /etc/pki/tls/private/mykamailio.example.de.pem<br>server_name = <a href="http://mykamailio.example.de">mykamailio.example.de</a><br><br># This is the default client domain, settings<br># in this domain will be used for all outgoing<br># TLS connections that do not match any other<br># client domain in this configuration file.<br># We require that servers present valid certificate.<br>#<br><br>[client:
212.xx.xx.xx:5061]<br>method = TLSv1+<br>verify_certificate = no<br>require_certificate = no<br><br>private_key = /etc/pki/tls/private/mykamailio.example.de.pem<br>certificate = /etc/pki/tls/private/mykamailio.example.de.pem<br>server_name = <a href="http://mykamailio.example.de">mykamailio.example.de</a><br><br>[client:default]<br>verify_certificate = no<br>require_certificate = no<br></div><div><br></div><div>-- %< --------------------- tls.cfg <br></div><div><br></div><div>Cheers Karsten<br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Mit freundlichen Grüßen<br>*Karsten Horsmann*<br></div></div></div></div>