Hi all,
I was playing around with the "config" modparam to specify and use a TLS configuration file instead of inline modparams inside kamailio.cfg.
I did some testing and when I went to try with IPv6 I run into a little doubt??
tls.cfg config example:
[server:1.2.3.4:5061] <----- How do you put an IPv6 in there? method = TLSv1 verify_certificate = yes require_certificate = no private_key = /usr/local/etc/kamailio/tls/local_key.pem certificate = /usr/local/etc/kamailio/tls/local_cert.pem verify_depth = 3 ca_list = local_ca.pem crl = local_crl.pem
Applying the logic of the "listen" param, it should be:
[server:[AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH]:5061]
But it just seems totally wrong and I haven't found anything in the docs.
Any suggestions?
Thanks, Joel.
Hi All,
Just a follow-up:
I was able to do some more test in lab last night, this format works as long as you have the equivalent `listen` param in kamailio.cfg:
...kamailio.cfg:
listen=tls:[AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH]:5061 ...
...tls.cfg:
[server:[AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH]:5061] ...
Can anyone add a little note in the documentation? (or point me to how I can do it myself)
Thanks, Joel.
On Tue, Jun 12, 2018 at 6:22 PM, Joel Serrano joel@textplus.com wrote:
Hi all,
I was playing around with the "config" modparam to specify and use a TLS configuration file instead of inline modparams inside kamailio.cfg.
I did some testing and when I went to try with IPv6 I run into a little doubt??
tls.cfg config example:
[server:1.2.3.4:5061] <----- How do you put an IPv6 in there? method = TLSv1 verify_certificate = yes require_certificate = no private_key = /usr/local/etc/kamailio/tls/local_key.pem certificate = /usr/local/etc/kamailio/tls/local_cert.pem verify_depth = 3 ca_list = local_ca.pem crl = local_crl.pem
Applying the logic of the "listen" param, it should be:
[server:[AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH]:5061]
But it just seems totally wrong and I haven't found anything in the docs.
Any suggestions?
Thanks, Joel.
Am Mittwoch, 13. Juni 2018, 18:48:57 CEST schrieb Joel Serrano:
Just a follow-up:
I was able to do some more test in lab last night, this format works as long as you have the equivalent `listen` param in kamailio.cfg:
...kamailio.cfg:
listen=tls:[AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH]:5061 ...
...tls.cfg:
[server:[AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH]:5061] ...
Can anyone add a little note in the documentation? (or point me to how I can do it myself)
Hello Joel,
thank you for the follow up.
For the kamailio.cfg - you can just add it by yourself in the wiki. If you don't have an account yet, its simple to register as well.
For the TLS module docs - you can just create a pull request in github, or if you don't have an account there, just send me a simple patch of the new file.
Best regards,
Henning
-
Henning Westerholt -
Joel Serrano