Hi Timothy,
Have you checked to see there is no firewall blocking traffic?
Regards, Jonathan From: Timothy Delin timothy.delin@singtel.com Sent: 25 June 2025 05:53 To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: Who AmI myfriendjohn1@gmail.com; Jonathan Aquilina jaquilina@eagleeyet.net Subject: RE: [SR-Users] Re: kamailio tls module not loading
Hey Jonathan,
I can confirm that this IP address is only used for the Kamailio TLS listener based on the netstat command.
/usr/src/kamailio # netstat -tuln | grep 5063 tcp 0 0 192.168.254.19:5063 0.0.0.0:* LISTEN
I am not sure if I should have a separate listener and outgoing port for listener.
Best regards, Timothy
From: Jonathan Aquilina <jaquilina@eagleeyet.netmailto:jaquilina@eagleeyet.net> Sent: Wednesday, June 25, 2025 11:41 AM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com>; Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Subject: RE: [SR-Users] Re: kamailio tls module not loading
[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.
___ Hi Timothy,
This line is the give all tell all here:
0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding to source address 192.168.254.19:5061 failed: [Address in ue] [98]
Address in use im guessing that should say. Can you confirm there are no ip conflicts with another container using the same ip address?
Regards, Jonathan From: Timothy Delin via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Sent: 25 June 2025 03:40 To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com>; Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Subject: [SR-Users] Re: kamailio tls module not loading
Hey John,
Apologies on the late reply, was away for the whole week.
All your questions have been checked and ruled out.
However, I still not able to resolve it. Hence, I decided to approach it differently with manual loadparam
loadmodule "tls.so" #modparam("tls", "config", "/etc/kamailio/tls/tls.cfg") modparam("tls", "tls_method", "TLSv1.2+") # Force TLS 1.2+ for all connections modparam("tls","require_certificate",1) modparam("tls","verify_certificate",1) modparam("tls","verify_depth",9) modparam("tls","certificate","/etc/kamailio/tls/certificate.pem") modparam("tls","private_key","/etc/kamailio/tls/private_key.pem") modparam("tls","ca_list","/etc/kamailio/tls/server_cas.pem")
Now it is showing that the TLS connectivity exist, but I know can't let the Kamailio docker run properly and I keep receiving this log message
0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding to source address 192.168.254.19:5061 failed: [Address in ue] [98] 0(1) DEBUG: tls [tls_server.c:242]: tls_complete_init(): completing tls connection initialization 0(1) DEBUG: tls [tls_server.c:204]: tls_get_connect_server_name(): xavp with outbound server name not found 0(1) DEBUG: tls [tls_server.c:178]: tls_get_connect_server_id(): xavp with outbound server id not found 0(1) DEBUG: tls [tls_server.c:185]: tls_get_connect_server_id(): outbound server id not set
Just to confirm, does it mean that I cant be using the TLS listen port and output port the same?
Best regards, Timothy
From: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com> Sent: Monday, June 16, 2025 6:31 PM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Subject: Re: [SR-Users] kamailio tls module not loading
[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.
___ Hi there,
A few quick questions just to rule out the simple stuff.
- I don't see it, but I assume you have added "loadmodule "tls.so"" to the cfg? - In the file: /etc/kamailio/modules/tls.cfg - this points to the path where the certs are - is that path accessible by the kamailio process for read access? (0600 with owner kamailio or 644 with owner root etc) - Correctly named path and cert name as well in the above file?
Hope this helps.
John.
On Mon, 16 Jun 2025 at 10:30, Timothy Delin via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> wrote: Hi everyone,
I am facing an issue where I cannot load the TLS module in my Kamailio server. I keep receiving this error message
"0(1) ERROR: <core> [core/sr_module.c:529]: ksr_locate_module(): could not find module <tls> in </usr/local/lib64/kamailio/modules> 0(1) CRITICAL: <core> [core/cfg.y:4015]: yyerror_at(): parse error in config file /etc/kamailio/modules/tls.cfg, line 1, column 12-19: failed to load module"
The Kamailio that I run has this configuration
version: kamailio 5.8.6 (x86_64/linux) 6c71d5 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 6c71d5 compiled on 04:12:34 Jun 6 2025 with gcc 12.2.1 ------------------------------------------------------------------- #global.cfg debug=2 log_stderror=no
memdbg=5 memlog=5
log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} "
/* number of SIP routing processes */ children=2
/* Defining interfaces */ #!substdef "!PUBLICIP!$env(PUBLICIP)!" #!substdef "!UDPPORT!$env(UDPPORT)!" #!substdef "!PUBLIC_UDP_SOCKET!udp:PUBLICIP:UDPPORT!" /* Need for TLS Support */ #!substdef "!PUBLIC_TLS_SOCKET!TLS:PUBLICIP:5061!"
#!substdef "!COREIP!$env(COREIP)!" #!substdef "!UDPPORT!$env(UDPPORT)!" #!substdef "!CORE_UDP_SOCKET!udp:COREIP:UDPPORT!" #!substdefs "!CORESUBNET!$env(CORESUBNET)!" /* listen addresses */ listen=PUBLIC_UDP_SOCKET listen=CORE_UDP_SOCKET
/* Need for TLS Support */ listen=tls:0.0.0.0:5061https://link.edgepilot.com/s/79616226/8h-IjRzlmUan51PlxuZR2Q?u=http://0.0.0.0:5061/
#!substdef "!DBUSERNAME!$env(DBUSERNAME)!" #!substdef "!DBPASSWORD!$env(DBPASSWORD)!" #!substdef "!DBHOST!$env(DBHOST)!" #!substdef "!DBNAME!$env(DBNAME)!"
#!define DBURL "mysql://DBUSERNAME:DBPASSWORD@DBHOST/DBNAME" #!define HTTP_API_ROUTING_ENDPOINT "https://link.edgepilot.com/s/47dca7bc/8tV4cYQp4UOpnHFQ2B1E6A?u=http://172.16..." ---------------------------------------------------------------- #kamailio.cfg
####### Enable TLS ######## enable_tls=yes
####### Core Modules Section ######## include_file "/etc/kamailio/modules-core.cfg"
####### Global Parameters ######### include_file "/etc/kamailio/globals.cfg"
####### Other Modules Section ######## include_file "/etc/kamailio/modules.cfg"
####### Custom Parameters #########
/* These parameters can be modified runtime via RPC interface * - see the documentation of 'cfg_rpc' module. * * Format: group.idhttps://link.edgepilot.com/s/46e1218e/fSZaVF1GX0mM6LO8mQoqWA?u=http://group.id/ = value 'desc' description * Access: $sel(cfg_get.group.idhttps://link.edgepilot.com/s/c2c005e4/uslHdtRDQE6btKKfMLeGzQ?u=http://cfg_get.group.id/) or @cfg_get.group.idhttps://link.edgepilot.com/s/c2c005e4/uslHdtRDQE6btKKfMLeGzQ?u=http://cfg_get.group.id/ */
####### Routing Logic ######## include_file "/etc/kamailio/routes.cfg"
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Links contained in this email have been replaced. If you click on a link in the email above, the link will be analyzed for known threats. If a known threat is found, you will not be able to proceed to the destination. If suspicious content is detected, you will see a warning.
Hey @Jonathan Aquilinamailto:jaquilina@eagleeyet.net,
This shouldn't be the issue as without the TLS module, I can have a connectivity between the two docker
Best regards, Timothy
From: Jonathan Aquilina jaquilina@eagleeyet.net Sent: Wednesday, June 25, 2025 1:30 PM To: Timothy Delin timothy.delin@singtel.com; Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: Who AmI myfriendjohn1@gmail.com Subject: RE: [SR-Users] Re: kamailio tls module not loading
[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.
___ Hi Timothy,
Have you checked to see there is no firewall blocking traffic?
Regards, Jonathan From: Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Sent: 25 June 2025 05:53 To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com>; Jonathan Aquilina <jaquilina@eagleeyet.netmailto:jaquilina@eagleeyet.net> Subject: RE: [SR-Users] Re: kamailio tls module not loading
Hey Jonathan,
I can confirm that this IP address is only used for the Kamailio TLS listener based on the netstat command.
/usr/src/kamailio # netstat -tuln | grep 5063 tcp 0 0 192.168.254.19:5063 0.0.0.0:* LISTEN
I am not sure if I should have a separate listener and outgoing port for listener.
Best regards, Timothy
From: Jonathan Aquilina <jaquilina@eagleeyet.netmailto:jaquilina@eagleeyet.net> Sent: Wednesday, June 25, 2025 11:41 AM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com>; Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Subject: RE: [SR-Users] Re: kamailio tls module not loading
[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.
___ Hi Timothy,
This line is the give all tell all here:
0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding to source address 192.168.254.19:5061 failed: [Address in ue] [98]
Address in use im guessing that should say. Can you confirm there are no ip conflicts with another container using the same ip address?
Regards, Jonathan From: Timothy Delin via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Sent: 25 June 2025 03:40 To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com>; Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Subject: [SR-Users] Re: kamailio tls module not loading
Hey John,
Apologies on the late reply, was away for the whole week.
All your questions have been checked and ruled out.
However, I still not able to resolve it. Hence, I decided to approach it differently with manual loadparam
loadmodule "tls.so" #modparam("tls", "config", "/etc/kamailio/tls/tls.cfg") modparam("tls", "tls_method", "TLSv1.2+") # Force TLS 1.2+ for all connections modparam("tls","require_certificate",1) modparam("tls","verify_certificate",1) modparam("tls","verify_depth",9) modparam("tls","certificate","/etc/kamailio/tls/certificate.pem") modparam("tls","private_key","/etc/kamailio/tls/private_key.pem") modparam("tls","ca_list","/etc/kamailio/tls/server_cas.pem")
Now it is showing that the TLS connectivity exist, but I know can't let the Kamailio docker run properly and I keep receiving this log message
0(1) DEBUG: <core> [core/tcp_main.c:1305]: find_listening_sock_info(): binding to source address 192.168.254.19:5061 failed: [Address in ue] [98] 0(1) DEBUG: tls [tls_server.c:242]: tls_complete_init(): completing tls connection initialization 0(1) DEBUG: tls [tls_server.c:204]: tls_get_connect_server_name(): xavp with outbound server name not found 0(1) DEBUG: tls [tls_server.c:178]: tls_get_connect_server_id(): xavp with outbound server id not found 0(1) DEBUG: tls [tls_server.c:185]: tls_get_connect_server_id(): outbound server id not set
Just to confirm, does it mean that I cant be using the TLS listen port and output port the same?
Best regards, Timothy
From: Who AmI <myfriendjohn1@gmail.commailto:myfriendjohn1@gmail.com> Sent: Monday, June 16, 2025 6:31 PM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Timothy Delin <timothy.delin@singtel.commailto:timothy.delin@singtel.com> Subject: Re: [SR-Users] kamailio tls module not loading
[CAUTION: External email] Do not click links or open attachments unless you recognize the sender and know the content is safe.
___ Hi there,
A few quick questions just to rule out the simple stuff.
- I don't see it, but I assume you have added "loadmodule "tls.so"" to the cfg? - In the file: /etc/kamailio/modules/tls.cfg - this points to the path where the certs are - is that path accessible by the kamailio process for read access? (0600 with owner kamailio or 644 with owner root etc) - Correctly named path and cert name as well in the above file?
Hope this helps.
John.
On Mon, 16 Jun 2025 at 10:30, Timothy Delin via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> wrote: Hi everyone,
I am facing an issue where I cannot load the TLS module in my Kamailio server. I keep receiving this error message
"0(1) ERROR: <core> [core/sr_module.c:529]: ksr_locate_module(): could not find module <tls> in </usr/local/lib64/kamailio/modules> 0(1) CRITICAL: <core> [core/cfg.y:4015]: yyerror_at(): parse error in config file /etc/kamailio/modules/tls.cfg, line 1, column 12-19: failed to load module"
The Kamailio that I run has this configuration
version: kamailio 5.8.6 (x86_64/linux) 6c71d5 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 6c71d5 compiled on 04:12:34 Jun 6 2025 with gcc 12.2.1 ------------------------------------------------------------------- #global.cfg debug=2 log_stderror=no
memdbg=5 memlog=5
log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} "
/* number of SIP routing processes */ children=2
/* Defining interfaces */ #!substdef "!PUBLICIP!$env(PUBLICIP)!" #!substdef "!UDPPORT!$env(UDPPORT)!" #!substdef "!PUBLIC_UDP_SOCKET!udp:PUBLICIP:UDPPORT!" /* Need for TLS Support */ #!substdef "!PUBLIC_TLS_SOCKET!TLS:PUBLICIP:5061!"
#!substdef "!COREIP!$env(COREIP)!" #!substdef "!UDPPORT!$env(UDPPORT)!" #!substdef "!CORE_UDP_SOCKET!udp:COREIP:UDPPORT!" #!substdefs "!CORESUBNET!$env(CORESUBNET)!" /* listen addresses */ listen=PUBLIC_UDP_SOCKET listen=CORE_UDP_SOCKET
/* Need for TLS Support */ listen=tls:0.0.0.0:5061https://link.edgepilot.com/s/79616226/8h-IjRzlmUan51PlxuZR2Q?u=http://0.0.0.0:5061/
#!substdef "!DBUSERNAME!$env(DBUSERNAME)!" #!substdef "!DBPASSWORD!$env(DBPASSWORD)!" #!substdef "!DBHOST!$env(DBHOST)!" #!substdef "!DBNAME!$env(DBNAME)!"
#!define DBURL "mysql://DBUSERNAME:DBPASSWORD@DBHOST/DBNAME" #!define HTTP_API_ROUTING_ENDPOINT "https://link.edgepilot.com/s/47dca7bc/8tV4cYQp4UOpnHFQ2B1E6A?u=http://172.16..." ---------------------------------------------------------------- #kamailio.cfg
####### Enable TLS ######## enable_tls=yes
####### Core Modules Section ######## include_file "/etc/kamailio/modules-core.cfg"
####### Global Parameters ######### include_file "/etc/kamailio/globals.cfg"
####### Other Modules Section ######## include_file "/etc/kamailio/modules.cfg"
####### Custom Parameters #########
/* These parameters can be modified runtime via RPC interface * - see the documentation of 'cfg_rpc' module. * * Format: group.idhttps://link.edgepilot.com/s/46e1218e/fSZaVF1GX0mM6LO8mQoqWA?u=http://group.id/ = value 'desc' description * Access: $sel(cfg_get.group.idhttps://link.edgepilot.com/s/c2c005e4/uslHdtRDQE6btKKfMLeGzQ?u=http://cfg_get.group.id/) or @cfg_get.group.idhttps://link.edgepilot.com/s/c2c005e4/uslHdtRDQE6btKKfMLeGzQ?u=http://cfg_get.group.id/ */
####### Routing Logic ######## include_file "/etc/kamailio/routes.cfg"
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Links contained in this email have been replaced. If you click on a link in the email above, the link will be analyzed for known threats. If a known threat is found, you will not be able to proceed to the destination. If suspicious content is detected, you will see a warning.
-
Jonathan Aquilina -
Timothy Delin