Hi All,
Greeting.
I've been struggle with OpenSER TLS implementation for more than a week, since I've ported from UDP to TLS, everything work fine except the "BYE" request from Asterisk (loose route), my implementation was something like below:
[Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
My OpenSER.cfg already configured to listen on two port which is :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN (or even voicemail) having no problem, but when the callee disconnect the call, caller will never get hang up :(
I've attached my ethereal trace/ngrep to pastebin, http://pastebin.ca/673392
Wondering if anyone can help me with the broken "BYE" that returned from Asterisk ? Line #131, supposedly this line should have contain 2 Via header, one was "SIP/2.0/UDP" and another "SIP/2.0/TLS", but somehow the TLS via header was gone !! (compare to previous ACK (Line #117) /INVITE (Line #51). Due to the missing TLS via header, OpenSER log file was complaining "protocol/port mis-match".
The last BYE request (Line #256) is actually firing from Client, which contain the "TLS" via.
I've even tried "force_send_socket" to port 5061 (instead of 5060) from loose route, but it complaining TLS certificate error, since Asterisk doesn't support TLS natively, I've no clue why is the ACK/INVITE/CANCEL work but not BYE. if (loose_route) { .... if(is_method("BYE")) { force_send_socket(IP:5061); } }
Has any one gone through of this kinda OpenSER over TLS + Asterisk setup, I'm really appreciate if you can share your experience with me, or pin point what's the mistakes I made here.
Thanks in advance.
Regards, David Loh
The openser proxy should add 2 record-route header (TLS and UDP = double record route). This is why it does not work.
regards klaus
David Loh schrieb:
Hi All,
Greeting.
I've been struggle with OpenSER TLS implementation for more than a week, since I've ported from UDP to TLS, everything work fine except the "BYE" request from Asterisk (loose route), my implementation was something like below:
[Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
My OpenSER.cfg already configured to listen on two port which is :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN (or even voicemail) having no problem, but when the callee disconnect the call, caller will never get hang up :(
I've attached my ethereal trace/ngrep to pastebin, http://pastebin.ca/673392
Wondering if anyone can help me with the broken "BYE" that returned from Asterisk ? Line #131, supposedly this line should have contain 2 Via header, one was "SIP/2.0/UDP" and another "SIP/2.0/TLS", but somehow the TLS via header was gone !! (compare to previous ACK (Line #117) /INVITE (Line #51). Due to the missing TLS via header, OpenSER log file was complaining "protocol/port mis-match".
The last BYE request (Line #256) is actually firing from Client, which contain the "TLS" via.
I've even tried "force_send_socket" to port 5061 (instead of 5060) from loose route, but it complaining TLS certificate error, since Asterisk doesn't support TLS natively, I've no clue why is the ACK/INVITE/CANCEL work but not BYE. if (loose_route) { .... if(is_method("BYE")) { force_send_socket(IP:5061); } }
Has any one gone through of this kinda OpenSER over TLS + Asterisk setup, I'm really appreciate if you can share your experience with me, or pin point what's the mistakes I made here.
Thanks in advance.
Regards, David Loh
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi,
Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK ...but when asterisk disconnected the call and send BYE back to OpenSER, the TLS RR header wasn't present, the only 2 RR header was "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP <Client_WAN_IP>" .... I'm puzzled ... is there any command to 'fix' this?
Regards, David Loh
Klaus Darilion wrote:
The openser proxy should add 2 record-route header (TLS and UDP = double record route). This is why it does not work.
regards klaus
David Loh schrieb:
Hi All,
Greeting.
I've been struggle with OpenSER TLS implementation for more than a week, since I've ported from UDP to TLS, everything work fine except the "BYE" request from Asterisk (loose route), my implementation was something like below:
[Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
My OpenSER.cfg already configured to listen on two port which is :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN (or even voicemail) having no problem, but when the callee disconnect the call, caller will never get hang up :(
I've attached my ethereal trace/ngrep to pastebin, http://pastebin.ca/673392
Wondering if anyone can help me with the broken "BYE" that returned from Asterisk ? Line #131, supposedly this line should have contain 2 Via header, one was "SIP/2.0/UDP" and another "SIP/2.0/TLS", but somehow the TLS via header was gone !! (compare to previous ACK (Line #117) /INVITE (Line #51). Due to the missing TLS via header, OpenSER log file was complaining "protocol/port mis-match".
The last BYE request (Line #256) is actually firing from Client, which contain the "TLS" via.
I've even tried "force_send_socket" to port 5061 (instead of 5060) from loose route, but it complaining TLS certificate error, since Asterisk doesn't support TLS natively, I've no clue why is the ACK/INVITE/CANCEL work but not BYE. if (loose_route) { .... if(is_method("BYE")) { force_send_socket(IP:5061); } }
Has any one gone through of this kinda OpenSER over TLS + Asterisk setup, I'm really appreciate if you can share your experience with me, or pin point what's the mistakes I made here.
Thanks in advance.
Regards, David Loh
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
David Loh -
Klaus Darilion