Hi Klaus,
The $ru trick works perfectly (without resetdsturi()) ! Now the disconnection (hang up) is handled properly.
Thank a million.
Regards, David Loh
Klaus Darilion wrote:
Klaus Darilion schrieb:
David Loh schrieb:
Hi Klaus,
So in order to make it work, the RURI of Asterisk uses should contain "transport=TLS" right.
yes
if the "transport=TLS" can be appended to the SIP message, the disconnection shall be handle properly ?
yes
Currently I'm struggling w/ subst/subst_uri ... it's seems the Regex textops module used was slightly different from Unix, I do "subst('/^BYE(.*)SIP/2.0/BYE\1;transport=TLS SIP/2.0/ ');" but it doesn't work ... I'm not sure if subst able to alter the header but if it doesn't, is there any command that I can use to alter the BYE header ?
There is no need to use subst - just rewrite the request URI. E.g. in openser 1.2 the following should work:
if (loose_route()) { ... if (src_ip == ip.address.of.asterisk) { $ru = $ru + ";transport=tls";
I do not know for sure, but maybe it is necessary to reset the duri (may be set during loose_route()):
resetdsturi();} ... t_relay(); exit; }
regards klaus
Thanks, David Loh
Klaus Darilion wrote:
Route headers are fine - the problem is the RURI of the BYE:
See the Contact header of the INVITE: Contact: sip:davidloh@x.x.80.178:4294;transport=TLS
This URI must be used in the RURI of the BYE, but Asterisk uses: BYE sip:davidloh@x.x.80.178:4294 SIP/2.0
Thus, the proxy forwards the request with UDP instead of TLS. Thus, this is a bug in Asterisk. Try update Asterisk. Try looking at Asterisk Bug tracker for this bug. If you are unlucky, open a bug report on the Asterisk bug tracker (bugs.digium.com)
regards klaus
David Loh schrieb:
Hi,
Arrggghh .. that's one of my attempts to eliminate the broken "BYE" problem... that's ngrep was captured when I set "modparam("rr", "enable_double_rr", "0");", I've paste another ngrep to http://pastebin.ca/674450, this time the double RR header is enabled. And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to decrypt the post is "openser").
Even though double RR header is enabled, but for BYE it's still doesn't process properly :( For the .cfg file line #130 onward, I did tried t_relay, forward and force_send_socket, but none of this will do the trick (force_send_socket was complaining TLS error due to missing certificate (?) ) Would appreciate if anyone could enlighten me why is this happen ?
Thanks, David Loh
Klaus Darilion wrote:
But the INVITE you posted at http://pastebin.ca/673392 also has only one Record-Route header.
regards klaus
David Loh schrieb: > Hi, > > Yea, OpenSER proxy was add 2 record-route header for the > INVITE/ACK ...but when asterisk disconnected the call and send > BYE back to OpenSER, > the TLS RR header wasn't present, the only 2 RR header was > "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP <Client_WAN_IP>" .... > I'm puzzled ... is there any command to 'fix' this? > > > Regards, > David Loh > > Klaus Darilion wrote: >> The openser proxy should add 2 record-route header (TLS and UDP >> = double record route). This is why it does not work. >> >> regards >> klaus >> >> David Loh schrieb: >>> Hi All, >>> >>> Greeting. >>> >>> I've been struggle with OpenSER TLS implementation for more >>> than a week, since I've ported from UDP to TLS, everything >>> work fine except the "BYE" request from Asterisk (loose >>> route), my implementation was something like below: >>> >>> [Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk] >>> >>> My OpenSER.cfg already configured to listen on two port which >>> is :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p or >>> PSTN (or even voicemail) having no problem, >>> but when the callee disconnect the call, caller will never get >>> hang up :( >>> >>> I've attached my ethereal trace/ngrep to pastebin, >>> http://pastebin.ca/673392 >>> >>> Wondering if anyone can help me with the broken "BYE" that >>> returned from Asterisk ? >>> Line #131, supposedly this line should have contain 2 Via >>> header, one was "SIP/2.0/UDP" and another "SIP/2.0/TLS", >>> but somehow the TLS via header was gone !! (compare to >>> previous ACK (Line #117) /INVITE (Line #51). >>> Due to the missing TLS via header, OpenSER log file was >>> complaining "protocol/port mis-match". >>> >>> The last BYE request (Line #256) is actually firing from >>> Client, which contain the "TLS" via. >>> >>> >>> I've even tried "force_send_socket" to port 5061 (instead of >>> 5060) from loose route, but it complaining TLS certificate error, >>> since Asterisk doesn't support TLS natively, I've no clue why >>> is the ACK/INVITE/CANCEL work but not BYE. >>> if (loose_route) { >>> .... >>> if(is_method("BYE")) { force_send_socket(IP:5061); } >>> } >>> >>> >>> Has any one gone through of this kinda OpenSER over TLS + >>> Asterisk setup, >>> I'm really appreciate if you can share your experience with >>> me, or pin point what's the mistakes I made here. >>> >>> Thanks in advance. >>> >>> Regards, >>> David Loh >>> >>> >>> >>> >>> _______________________________________________ >>> Users mailing list >>> Users@openser.org >>> http://openser.org/cgi-bin/mailman/listinfo/users >> >> > >
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users