19 Mar
2008
19 Mar
'08
1:52 p.m.
Hi All
My UA cant connect to tls on my openser server, as per logs everything
seems fine ..I don't know why it disconnects in the end ..the log is
http://java.pastebin.ca/948774
My TLS settings are
/* uncomment the following lines to enable TLS support (default off) */
#disable_tls = yes
disable_tls = no
listen = tls:xx.xx.x.xx.x
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
#tls_certificate = "/usr/local/eyeball/license/cert.pem"
#tls_private_key = "/usr/local/eyeball/license/privkey.pem"
#tls_ca_list = "/usr/local/eyeball/license/splendor3.crtpvk.pem"
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
#port=5060
/* uncomment and configure the following line if you want openser to
bind on a specific interface/port/proto (default bind on all
available) */
listen=udp:87.236.144.13:5060
#listen=tcp:87.236.144.12:5060
sip_warning=yes
25 Mar
25 Mar
12:01 p.m.
Hi Ali,
The REGISTER gets to the server and it is processed by the routing
script - your script tries to relay the request to another destination:
Mar 19 12:04:42 [29280] DBG:tm:t_relay_to: new transaction fwd'ed
I would say the problem is on the cfg script and not in TLS part.
Regards,
Bogdan
Ali Jawad wrote:
Hi All
My UA cant connect to tls on my openser server, as per logs everything
seems fine ..I don’t know why it disconnects in the end ..the log is
http://java.pastebin.ca/948774
My TLS settings are
/* uncomment the following lines to enable TLS support (default off) */
#disable_tls = yes
disable_tls = no
listen = tls:xx.xx.x.xx.x
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
#tls_certificate = "/usr/local/eyeball/license/cert.pem"
#tls_private_key = "/usr/local/eyeball/license/privkey.pem"
#tls_ca_list = "/usr/local/eyeball/license/splendor3.crtpvk.pem"
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
#port=5060
/* uncomment and configure the following line if you want openser to
bind on a specific interface/port/proto (default bind on all available) */
listen=udp:87.236.144.13:5060
#listen=tcp:87.236.144.12:5060
sip_warning=yes
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
1:20 p.m.
Hi Bodgan
Thank you for your help
I had the following "now commented" statement in route[1]
route[1] {
xlog("L_INFO","rewritehostport to VOIP_GW:5060");
## Removed On 1.36 25 03 08
## sethostport("xx.xx.xx.xx:5060");
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setbflag(6);
};
if (isflagset(5)||isbflagset(6)) {
route(3);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
I commented it out as you can see now I cant login either but I am
getting these errors
Forbidden and Unauthorized
Another thing I would like to mention is that it worked with non TLS
clients using the previous setups.
Thx for your help so far.
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro]
Sent: Tuesday, March 25, 2008 1:02 PM
To: Ali Jawad
Cc: users(a)lists.openser.org
Subject: Re: [OpenSER-Users] UA Cant Connect To TLS
Hi Ali,
The REGISTER gets to the server and it is processed by the routing
script - your script tries to relay the request to another destination:
Mar 19 12:04:42 [29280] DBG:tm:t_relay_to: new transaction fwd'ed
I would say the problem is on the cfg script and not in TLS part.
Regards,
Bogdan
Ali Jawad wrote:
Hi All
My UA cant connect to tls on my openser server, as per logs everything
seems fine ..I don't know why it disconnects in
the end ..the log is
http://java.pastebin.ca/948774
My TLS settings are
/* uncomment the following lines to enable TLS support (default off)
*/
#disable_tls = yes
disable_tls = no
listen = tls:xx.xx.x.xx.x
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
#tls_certificate = "/usr/local/eyeball/license/cert.pem"
#tls_private_key = "/usr/local/eyeball/license/privkey.pem"
#tls_ca_list = "/usr/local/eyeball/license/splendor3.crtpvk.pem"
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
#port=5060
/* uncomment and configure the following line if you want openser to
bind on a specific interface/port/proto (default bind on all
available) */
listen=udp:87.236.144.13:5060
#listen=tcp:87.236.144.12:5060
sip_warning=yes
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
26 Mar
26 Mar
2:06 p.m.
Hi Ali,
but the script you listed doesn't seam to be related to REGISTER
processing....for a GW forwarding.
Regards,
Bogdan
Ali Jawad wrote:
Hi Bodgan
Thank you for your help
I had the following "now commented" statement in route[1]
route[1] {
xlog("L_INFO","rewritehostport to VOIP_GW:5060");
## Removed On 1.36 25 03 08
## sethostport("xx.xx.xx.xx:5060");
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setbflag(6);
};
if (isflagset(5)||isbflagset(6)) {
route(3);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
I commented it out as you can see now I cant login either but I am
getting these errors
Forbidden and Unauthorized
Another thing I would like to mention is that it worked with non TLS
clients using the previous setups.
Thx for your help so far.
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro]
Sent: Tuesday, March 25, 2008 1:02 PM
To: Ali Jawad
Cc: users(a)lists.openser.org
Subject: Re: [OpenSER-Users] UA Cant Connect To TLS
Hi Ali,
The REGISTER gets to the server and it is processed by the routing
script - your script tries to relay the request to another destination:
Mar 19 12:04:42 [29280] DBG:tm:t_relay_to: new transaction fwd'ed
I would say the problem is on the cfg script and not in TLS part.
Regards,
Bogdan
Ali Jawad wrote:
Hi All
My UA cant connect to tls on my openser server, as per logs everything
seems fine ..I don't know why it disconnects
in the end ..the log is
http://java.pastebin.ca/948774
My TLS settings are
/* uncomment the following lines to enable TLS support (default off)
*/
#disable_tls = yes
disable_tls = no
listen = tls:xx.xx.x.xx.x
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
#tls_certificate = "/usr/local/eyeball/license/cert.pem"
#tls_private_key = "/usr/local/eyeball/license/privkey.pem"
#tls_ca_list = "/usr/local/eyeball/license/splendor3.crtpvk.pem"
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
#port=5060
/* uncomment and configure the following line if you want openser to
bind on a specific interface/port/proto (default bind on all
available) */
listen=udp:87.236.144.13:5060
#listen=tcp:87.236.144.12:5060
sip_warning=yes
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
2:14 p.m.
Thanks for your help and interest Bogdan..I know you are busy..I know
that my script is related to the GW forwarding but that is the only
thing related RELAY that I do "With reference to your first replay"
My config is http://pastebin.com/m45551815
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro]
Sent: Wednesday, March 26, 2008 3:07 PM
To: Ali Jawad
Cc: users(a)lists.openser.org
Subject: Re: [OpenSER-Users] UA Cant Connect To TLS
Hi Ali,
but the script you listed doesn't seam to be related to REGISTER
processing....for a GW forwarding.
Regards,
Bogdan
Ali Jawad wrote:
> seems fine ..I don't know why it disconnects in the end ..the log is
> http://java.pastebin.ca/948774
>
> My TLS settings are
>
> /* uncomment the following lines to enable TLS support (default off)
*/
> #disable_tls = yes
>
> disable_tls = no
>
> listen = tls:xx.xx.x.xx.x
>
> tls_verify_server = 1
>
> tls_verify_client = 1
>
> tls_require_client_certificate = 0
>
> tls_method = TLSv1
>
> #tls_certificate = "/usr/local/eyeball/license/cert.pem"
>
> #tls_private_key = "/usr/local/eyeball/license/privkey.pem"
>
> #tls_ca_list = "/usr/local/eyeball/license/splendor3.crtpvk.pem"
>
> tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>
> tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>
> tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
>
> #port=5060
>
> /* uncomment and configure the following line if you want openser to
>
> bind on a specific interface/port/proto (default bind on all
available) */
> listen=udp:87.236.144.13:5060
>
> #listen=tcp:87.236.144.12:5060
>
> sip_warning=yes
>
>
------------------------------------------------------------------------
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Hi Bodgan
Thank you for your help
I had the following "now commented" statement in route[1]
route[1] {
xlog("L_INFO","rewritehostport to VOIP_GW:5060");
## Removed On 1.36 25 03 08
## sethostport("xx.xx.xx.xx:5060");
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setbflag(6);
};
if (isflagset(5)||isbflagset(6)) {
route(3);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
I commented it out as you can see now I cant login either but I am
getting these errors
Forbidden and Unauthorized
Another thing I would like to mention is that it worked with non TLS
clients using the previous setups.
Thx for your help so far.
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro]
Sent: Tuesday, March 25, 2008 1:02 PM
To: Ali Jawad
Cc: users(a)lists.openser.org
Subject: Re: [OpenSER-Users] UA Cant Connect To TLS
Hi Ali,
The REGISTER gets to the server and it is processed by the routing
script - your script tries to relay the request to another
destination:
Mar 19 12:04:42 [29280] DBG:tm:t_relay_to: new
transaction fwd'ed
I would say the problem is on the cfg script and not in TLS part.
Regards,
Bogdan
Ali Jawad wrote:
> Hi All
>
> My UA cant connect to tls on my openser server, as per logs
everything
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
6093
days inactive
6100
days old
4 comments
2 participants
participants (2)
-
Ali Jawad -
Bogdan-Andrei Iancu