Hey @Jonathan Aquilina,

 

This shouldn’t be the issue as without the TLS module, I can have a connectivity between the two docker

 

Best regards,

Timothy

 

From: Jonathan Aquilina <jaquilina@eagleeyet.net>
Sent: Wednesday, June 25, 2025 1:30 PM
To: Timothy Delin <timothy.delin@singtel.com>; Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Who AmI <myfriendjohn1@gmail.com>
Subject: RE: [SR-Users] Re: kamailio tls module not loading

 

[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.

___

Hi Timothy,

 

Have you checked to see there is no firewall blocking traffic?

 

Regards,

Jonathan

From: Timothy Delin <timothy.delin@singtel.com>
Sent: 25 June 2025 05:53
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Who AmI <myfriendjohn1@gmail.com>; Jonathan Aquilina <jaquilina@eagleeyet.net>
Subject: RE: [SR-Users] Re: kamailio tls module not loading

 

Hey Jonathan,

 

I can confirm that this IP address is only used for the Kamailio TLS listener based on the netstat command.

 

/usr/src/kamailio # netstat -tuln | grep 5063

tcp        0      0 192.168.254.19:5063     0.0.0.0:*               LISTEN


I am not sure if I should have a separate listener and outgoing port for listener.

 

Best regards,

Timothy

 

 

From: Jonathan Aquilina <jaquilina@eagleeyet.net>
Sent: Wednesday, June 25, 2025 11:41 AM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Who AmI <myfriendjohn1@gmail.com>; Timothy Delin <timothy.delin@singtel.com>
Subject: RE: [SR-Users] Re: kamailio tls module not loading

 

[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.

___

Hi Timothy,

 

This line is the give all tell all here:

 

0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding to source address 192.168.254.19:5061 failed: [Address in ue] [98]

 

 

Address in use im guessing that should say. Can you confirm there are no ip conflicts with another container using the same ip address?

 

Regards,

Jonathan

From: Timothy Delin via sr-users <sr-users@lists.kamailio.org>
Sent: 25 June 2025 03:40
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Who AmI <myfriendjohn1@gmail.com>; Timothy Delin <timothy.delin@singtel.com>
Subject: [SR-Users] Re: kamailio tls module not loading

 

Hey John,

 

Apologies on the late reply, was away for the whole week.

 

All your questions have been checked and ruled out.

 

However, I still not able to resolve it. Hence, I decided to approach it differently with manual loadparam

 

loadmodule "tls.so"

#modparam("tls", "config", "/etc/kamailio/tls/tls.cfg")

modparam("tls", "tls_method", "TLSv1.2+")  # Force TLS 1.2+ for all connections

modparam("tls","require_certificate",1)

modparam("tls","verify_certificate",1)

modparam("tls","verify_depth",9)

modparam("tls","certificate","/etc/kamailio/tls/certificate.pem")

modparam("tls","private_key","/etc/kamailio/tls/private_key.pem")

modparam("tls","ca_list","/etc/kamailio/tls/server_cas.pem")

 

Now it is showing that the TLS connectivity exist, but I know can’t let the Kamailio docker run properly and I keep receiving this log message

0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding to source address 192.168.254.19:5061 failed: [Address in ue] [98]

0(1) DEBUG: tls [tls_server.c:242]: tls_complete_init(): completing tls connection initialization

0(1) DEBUG: tls [tls_server.c:204]: tls_get_connect_server_name(): xavp with outbound server name not found

0(1) DEBUG: tls [tls_server.c:178]: tls_get_connect_server_id(): xavp with outbound server id not found

0(1) DEBUG: tls [tls_server.c:185]: tls_get_connect_server_id(): outbound server id not set

 

Just to confirm, does it mean that I cant be using the TLS listen port and output port the same?

 

Best regards,

Timothy

 

From: Who AmI <myfriendjohn1@gmail.com>
Sent: Monday, June 16, 2025 6:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Timothy Delin <timothy.delin@singtel.com>
Subject: Re: [SR-Users] kamailio tls module not loading

 

[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.

___

Hi there, 

 

A few quick questions just to rule out the simple stuff.

 

- I don't see it, but I assume you have added "loadmodule "tls.so"" to the cfg?

- In the file: /etc/kamailio/modules/tls.cfg - this points to the path where the certs are - is that path accessible by the kamailio process for read access? (0600 with owner kamailio or 644 with owner root etc)

- Correctly named path and cert name as well in the above file?

 

Hope this helps. 

 

John.

 

On Mon, 16 Jun 2025 at 10:30, Timothy Delin via sr-users <sr-users@lists.kamailio.org> wrote:

Hi everyone,

 

I am facing an issue where I cannot load the TLS module in my Kamailio server. I keep receiving this error message

 

"0(1) ERROR: <core> [core/sr_module.c:529]: ksr_locate_module(): could not find module <tls> in </usr/local/lib64/kamailio/modules>

 0(1) CRITICAL: <core> [core/cfg.y:4015]: yyerror_at(): parse error in config file /etc/kamailio/modules/tls.cfg, line 1, column 12-19: failed to load module"

 

The Kamailio that I run has this configuration

 

version: kamailio 5.8.6 (x86_64/linux) 6c71d5
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 6c71d5
compiled on 04:12:34 Jun  6 2025 with gcc 12.2.1

-------------------------------------------------------------------

#global.cfg

debug=2

log_stderror=no

 

memdbg=5

memlog=5

 

log_facility=LOG_LOCAL0

log_prefix="{$mt $hdr(CSeq) $ci} "

 

/* number of SIP routing processes */

children=2

 

/* Defining interfaces */

#!substdef "!PUBLICIP!$env(PUBLICIP)!"

#!substdef "!UDPPORT!$env(UDPPORT)!"

#!substdef "!PUBLIC_UDP_SOCKET!udp:PUBLICIP:UDPPORT!"

/* Need for TLS Support */

#!substdef "!PUBLIC_TLS_SOCKET!TLS:PUBLICIP:5061!"

 

#!substdef "!COREIP!$env(COREIP)!"

#!substdef "!UDPPORT!$env(UDPPORT)!"

#!substdef "!CORE_UDP_SOCKET!udp:COREIP:UDPPORT!"

#!substdefs "!CORESUBNET!$env(CORESUBNET)!"

/* listen addresses */

listen=PUBLIC_UDP_SOCKET

listen=CORE_UDP_SOCKET

 

/* Need for TLS Support */

listen=tls:0.0.0.0:5061

 

#!substdef "!DBUSERNAME!$env(DBUSERNAME)!"

#!substdef "!DBPASSWORD!$env(DBPASSWORD)!"

#!substdef "!DBHOST!$env(DBHOST)!"

#!substdef "!DBNAME!$env(DBNAME)!"

 

#!define DBURL "mysql://DBUSERNAME:DBPASSWORD@DBHOST/DBNAME"

----------------------------------------------------------------

#kamailio.cfg

 

####### Enable TLS  ########

enable_tls=yes

 

####### Core Modules Section ########

include_file "/etc/kamailio/modules-core.cfg"

 

####### Global Parameters #########

include_file "/etc/kamailio/globals.cfg"

 

####### Other Modules Section ########

include_file "/etc/kamailio/modules.cfg"

 

####### Custom Parameters #########

 

/* These parameters can be modified runtime via RPC interface

 * - see the documentation of 'cfg_rpc' module.

 *

 * Format: group.id = value 'desc' description

 * Access: $sel(cfg_get.group.id) or @cfg_get.group.id */

 

####### Routing Logic ########

include_file "/etc/kamailio/routes.cfg"

 

 

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!



Links contained in this email have been replaced. If you click on a link in the email above, the link will be analyzed for known threats. If a known threat is found, you will not be able to proceed to the destination. If suspicious content is detected, you will see a warning.