<div>Dear all,</div> <div> </div> <div>First I would like to say thanks to every body in this forum. Thank you very much..<BR>All, I am sorry for my message again. Sorry for the long message.<BR>I am in rush and panic. I have read the instruction in tls.htm about TLS configuration many times. But, Untill now, I can not build it. Maybe because of my lack understanding and skill.</div> <div> </div> <div>When I run "netstat -anp|grep 5061", I got this output message :</div> <div> </div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>[root@localhost root]# netstat -anp|grep 5061</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>tcp<SPAN style="mso-spacerun: yes"> </SPAN>0<SPAN style="mso-spacerun: yes"> </SPAN>0 202.95.149.251:5061<SPAN style="mso-spacerun: yes">
</SPAN>0.0.0.0:*<SPAN style="mso-spacerun: yes"> </SPAN>LISTEN</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>5099/openser</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>[root@localhost root]# netstat -anp|grep 5060</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>tcp<SPAN style="mso-spacerun: yes"> </SPAN>0<SPAN style="mso-spacerun: yes"> </SPAN>0 202.95.149.251:5060<SPAN style="mso-spacerun: yes"> </SPAN>0.0.0.0:*<SPAN style="mso-spacerun: yes"> </SPAN>LISTEN</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman"
size=3>5099/openser</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>udp<SPAN style="mso-spacerun: yes"> </SPAN>0<SPAN style="mso-spacerun: yes"> </SPAN>0 202.95.149.251:5060<SPAN style="mso-spacerun: yes"> </SPAN>0.0.0.0:*</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>5099/openser</FONT></div> <div> <div> </div> <div>From the output, I can see that the port 5061 (for TLS) can be loaded. </div> <div>But, why when I run "ngrep -d any...", there is no port 5061?</div> <div>Here is the output</div></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>U 202.95.149.3:5060 -> 202.95.149.251:5060</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun:
yes"> </SPAN>..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>####</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>POST / HTTP/1.1..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>Content-Length: 220..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman"
size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>Content-Type: application/ipp..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>Host: localhost..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:32804 ->
127.0.0.1:631 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>........</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes">
</SPAN>HTTP/1.1 200 OK..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>#</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>Date: Fri, 22 Sep 2006 08:10:21 GMT..</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>##</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Times New Roman" size=3>T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]</FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>Server: CUPS/1.1..Connection: Keep-Alive..Keep-Alive: timeout=60..Content-Language: C..Content-Type: application/ipp;
ch</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>arset=iso-8859-1..Content-Length: 81.............G..attributes-charset..utf-8H..attributes-natural-language..en-us.utf-8</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><FONT face="Times New Roman"><SPAN style="mso-spacerun: yes"> </SPAN>.</FONT></FONT></div> <div class=MsoNormal style="MARGIN: 0cm 0cm 0pt">What should I do? Please help me..Please give me a suggestion. </div> <div> <div> </div> <div>These are the tasks that I have done before :<BR>1. I have added in DNS Records :</div> <div>pcr.ac.id IN NAPTR 50 50 "s" "SIPS+D2T" "" _sips._tcp.pcr.ac.id. pcr.ac.id IN NAPTR 60 40 "s" "SIP+D2T" "" _sip._tcp.pcr.ac.id.<BR>pcr.ac.id IN NAPTR 60 60 "s" "SIP+D2U" "" _sip._udp.pcr.ac.id</div> <div>2. Here is my openser.cfg configuration :</div>
<div>debug=9<BR>fork=no<BR>log_stderror=yes</div> <div>listen=202.95.149.251 # put your openserver IP address here<BR>port=5060<BR>children=4</div> <div>dns=no<BR>rev_dns=no</div> <div>fifo="/tmp/openser_fifo"<BR>fifo_db_url="mysql://openser:openserrw@localhost/openser"<BR>fifo_mode=0666<BR>alias="pcr.ac.id"<BR>tls_port_no=5061</div> <div># uncomment the following lines for TLS support<BR>disable_tls = 0<BR>listen = tls:202.95.149.251:5061<BR>#listen = udp:202.95.149.251:5060<BR>tls_verify_client = on<BR>tls_require_client_certificate = on<BR>tls_verify_server=on<BR>tls_method = TLSv1<BR>tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"<BR>tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"<BR>tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"</div> <div>loadmodule "/usr/local/lib/openser/modules/mysql.so"<BR>loadmodule "/usr/local/lib/openser/modules/sl.so"<BR>loadmodule
"/usr/local/lib/openser/modules/tm.so"<BR>loadmodule "/usr/local/lib/openser/modules/rr.so"<BR>loadmodule "/usr/local/lib/openser/modules/maxfwd.so"<BR>loadmodule "/usr/local/lib/openser/modules/usrloc.so"<BR>loadmodule "/usr/local/lib/openser/modules/registrar.so"<BR>loadmodule "/usr/local/lib/openser/modules/auth.so"<BR>loadmodule "/usr/local/lib/openser/modules/auth_db.so"<BR>loadmodule "/usr/local/lib/openser/modules/nathelper.so"<BR>loadmodule "/usr/local/lib/openser/modules/textops.so"<BR>loadmodule "/usr/local/lib/openser/modules/uri_db.so"<BR>loadmodule "/usr/local/lib/openser/modules/uri.so"<BR>loadmodule "/usr/local/lib/openser/modules/avpops.so"<BR>loadmodule "/usr/local/lib/openser/modules/domain.so"<BR>loadmodule "/usr/local/lib/openser/modules/permissions.so"</div> <div>modparam("auth_db|permissions|uri_db|usrloc","db_url", "mysql://openser:openserrw@localhost/openser")</div> <div>modparam("auth_db|uri_db|usrloc", "db_url",
"mysql://openser:openserrw@localhost/openser")</div> <div>modparam("auth_db", "calculate_ha1", 1)<BR>modparam("auth_db", "password_column", "password")</div> <div>modparam("nathelper", "natping_interval", 30) <BR>modparam("nathelper", "ping_nated_only", 1) <BR>modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")</div> <div>modparam("usrloc", "db_mode", 2)</div> <div>modparam("registrar", "nat_flag", 6)</div> <div>modparam("rr", "enable_full_lr", 1)</div> <div>modparam("tm", "fr_inv_timer", 27)<BR>modparam("tm", "fr_inv_timer_avp", "s:inv_timeout")</div> <div>modparam("permissions", "db_mode", 1)<BR>modparam("permissions", "trusted_table", "trusted")</div> <div><BR>route {</div> <div># -----------------------------------------------------------------<BR># Sanity Check Section<BR># -----------------------------------------------------------------<BR> if (!mf_process_maxfwd_header("10"))
{<BR> sl_send_reply("483", "Too Many Hops");<BR> return;<BR> };<BR> if (msg:len > max_len) {<BR> sl_send_reply("513", "Message Overflow");<BR> return;<BR> };</div> <div># -----------------------------------------------------------------<BR># Record Route Section<BR># -----------------------------------------------------------------<BR> if (method!="REGISTER") {<BR>
record_route();<BR> };<BR> if (method=="BYE" || method=="CANCEL") {<BR> unforce_rtp_proxy();<BR> } </div> <div># -----------------------------------------------------------------<BR># Loose Route Section<BR># -----------------------------------------------------------------<BR> if (loose_route()) {<BR> if (has_totag() && (method=="INVITE" || method=="ACK")) {<BR> if (nat_uac_test("19")) {<BR>
setflag(6);<BR> force_rport();<BR> fix_nated_contact();<BR> };<BR> force_rtp_proxy("l");<BR> };<BR>
route(1);<BR> return;<BR> };</div> <div># -----------------------------------------------------------------<BR># Call Type Processing Section<BR># -----------------------------------------------------------------</div> <div> if (uri!=myself) {<BR> <BR> route(5);<BR> route(1);<BR> return;<BR> };</div> <div> if (uri==myself) {</div> <div> if (method=="ACK") {<BR> route(6);<BR> return;<BR> } else if (method=="CANCEL")
{<BR> route(3);<BR> return;<BR> } else if (method=="INVITE") {<BR> route(3);<BR> return;<BR> } else if (method=="REGISTER")
{<BR> route(2);<BR> return;<BR> };</div> <div> lookup("aliases");<BR> if (uri!=myself) {<BR> route(5);<BR> route(1);<BR>
return;<BR> };</div> <div> if (!lookup("location")) {<BR> sl_send_reply("404", "Uopenser Not Found");<BR> return;<BR> };<BR> };</div> <div> route(1);<BR>}</div> <div>route[1] {</div> <div># -----------------------------------------------------------------<BR># Default Message Handler<BR>#
-----------------------------------------------------------------</div> <div> t_on_reply("1");</div> <div> if (!t_relay()) {<BR> if (method=="INVITE" && isflagset(6)) {<BR> unforce_rtp_proxy();<BR> };<BR> sl_reply_error();<BR> };<BR>}</div> <div>route[2] {</div> <div># -----------------------------------------------------------------<BR># REGISTER Message Handler<BR># ----------------------------------------------------------------</div>
<div> sl_send_reply("100", "Trying");</div> <div> if (!search("^Contact:\ +\*") && nat_uac_test("19")) {<BR> setflag(6);<BR> fix_nated_register();<BR> force_rport();<BR> };</div> <div> if (!www_authorize("pcr.ac.id","subscriber")) {<BR> www_challenge("pcr.ac.id","0");<BR> return;<BR> };</div> <div> if (!check_to())
{<BR> sl_send_reply("401", "Unauthorized");<BR> return;<BR> };</div> <div> consume_credentials();</div> <div> if (!save("location")) {<BR> sl_reply_error();<BR> };<BR>}</div> <div>route[3] {</div> <div># -----------------------------------------------------------------<BR># CANCEL and INVITE Message Handler<BR># -----------------------------------------------------------------</div> <div> <BR> if (nat_uac_test("19"))
{<BR> setflag(6);<BR> }<BR>#if (!allow_trusted() && nat_uac_test("19")) {<BR> # setflag(6);<BR> #}<BR> <BR> lookup("aliases");<BR> if (method=="INVITE" && !allow_trusted()) <BR> {<BR> if (!proxy_authorize("pcr.ac.id","subscriber")) { <BR> proxy_challenge("pcr.ac.id","0");<BR> return;<BR> } else if (!check_from()) {<BR> sl_send_reply("403", "Use From=ID");<BR> return;<BR> };<BR> consume_credentials();<BR> };<BR> if (uri=~"^sip:9[0-9]*@")
{<BR> route(4);<BR> return;<BR> };</div> <div> if (uri!=myself) {<BR> route(5);<BR> route(1);<BR> return;<BR> };</div> <div> if (!lookup("location")) {<BR> if (uri=~"^sip:[0-9]{10}@") {<BR> route(4);<BR> return;<BR> };</div> <div> sl_send_reply("404", "Uopenser Not Found");<BR> return;<BR> };</div> <div> if (method=="CANCEL")
{<BR> route(1);<BR> return;<BR> }</div> <div> if (isflagset(6)) {<BR> force_rport();<BR> fix_nated_contact();<BR> force_rtp_proxy();<BR> };</div> <div> t_on_reply("1");</div> <div> if (!t_relay()) {<BR> if(isflagset(6)) {<BR>
unforce_rtp_proxy();<BR> }<BR> sl_reply_error();<BR> };<BR>}</div> <div>route[4] {</div> <div> # -----------------------------------------------------------------<BR> # PSTN Handler<BR> # -----------------------------------------------------------------</div> <div> rewritehostport("202.95.149.254:5060"); # INOPENSERT YOUR PSTN GATEWAY IP ADDRESS</div> <div># avp_write("i:45", "inv_timeout");</div> <div> #if (!allow_trusted() && isflagset(6)) {<BR> if (isflagset(6)) {<BR> force_rport();<BR>
fix_nated_contact();<BR> force_rtp_proxy();<BR> };</div> <div> route(1);<BR> }</div> <div>onreply_route[1] {</div> <div> if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {<BR> if (!search("^Content-Length:\ +0")) {<BR> force_rtp_proxy();<BR> };<BR> };</div> <div> if (nat_uac_test("1"))
{<BR> fix_nated_contact();<BR> };<BR>}</div> <div><BR>What should I add in openser.cfg? Please help..Please..</div> <div>Thank you very much,</div> <div>Regards,</div> <div> </div> <div>Ferianto<BR></div> <div> </div></div><p> 
                <hr size=1>Do you Yahoo!?<br> Everyone is raving about the <a href="http://us.rd.yahoo.com/evt=42297/*http://advision.webevents.yahoo.com/mailbeta"> all-new Yahoo! Mail.</a>