Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this to use wss, (this is it only paramter I change) it does not work. I understand Kamailio does not support DTLS, I set the jssip client DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work.
What if other considaerstion do I need to check?
thanks
On 19 Mar 2014, at 16:46, jaflong jaflong jaflong@yandex.com wrote:
Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this to use wss, (this is it only paramter I change) it does not work. I understand Kamailio does not support DTLS, I set the jssip client DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work.
Kamailio has nothing to do with DTLS - it's in the media layer, not in the signalling.
What if other considaerstion do I need to check?
Check if normal SIP/TLS works and if you can connect with a web browser. There is a TLS debugging page on the Kamailio wiki with a lot of helpful tips and tricks. We might want to add WSS to that page.
/O
thanks
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Ollie, Thanks for the info.
I am not aware how to test SIP/TLS can you make a suggestion of how to do it and what is the url of the page you mention.
However I have followed this page http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging
I can get a successful tls connection when I connect with http so I know basic tls works.
Tested by having this in kamailio.cfg
event_route[xhttp:request] { set_reply_close(); set_reply_no_connect();
xhttp_reply("200", "OK", "text/html","<html><body>Received HTTP request to $hu from [$si:$sp] with protocol $proto</body></html>"); xlog("L_INFO", "HTTP Request Received\n");
......
Going to https://10.1.2.3:6443 gives this Received HTTP request to / from [10.1.1.1:58179] with protocol tls
19.03.2014, 19:50, "Olle E. Johansson" oej@edvina.net:
On 19 Mar 2014, at 16:46, jaflong jaflong jaflong@yandex.com wrote:
Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this to use wss, (this is it only paramter I change) it does not work. I understand Kamailio does not support DTLS, I set the jssip client DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work.
Kamailio has nothing to do with DTLS - it's in the media layer, not in the signalling.
What if other considaerstion do I need to check?
Check if normal SIP/TLS works and if you can connect with a web browser. There is a TLS debugging page on the Kamailio wiki with a lot of helpful tips and tricks. We might want to add WSS to that page.
/O
thanks
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
Probably a silly question, but does your xhttp event_route go on to actually handle the WebSockets handshake?
There is an example websocket.cfg in the examples directory in Git. Have you tried using this?
Peter
On 19 March 2014 16:03, jaflong jaflong jaflong@yandex.com wrote:
Ollie, Thanks for the info.
I am not aware how to test SIP/TLS can you make a suggestion of how to do it and what is the url of the page you mention.
However I have followed this page http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging
I can get a successful tls connection when I connect with http so I know basic tls works.
Tested by having this in kamailio.cfg
event_route[xhttp:request] { set_reply_close(); set_reply_no_connect();
xhttp_reply("200", "OK", "text/html","<html><body>Received HTTPrequest to $hu from [$si:$sp] with protocol $proto</body></html>"); xlog("L_INFO", "HTTP Request Received\n");
......Going to https://10.1.2.3:6443 gives this Received HTTP request to / from [10.1.1.1:58179] with protocol tls
19.03.2014, 19:50, "Olle E. Johansson" oej@edvina.net:
On 19 Mar 2014, at 16:46, jaflong jaflong jaflong@yandex.com wrote:
Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this
to use wss, (this is it only paramter I change) it does not work.
I understand Kamailio does not support DTLS, I set the jssip client
DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work.
Kamailio has nothing to do with DTLS - it's in the media layer, not in
the signalling.
What if other considaerstion do I need to check?
Check if normal SIP/TLS works and if you can connect with a web browser.
There is a TLS debugging page on the Kamailio wiki with a lot of helpful tips and tricks. We might want to add WSS to that page.
/O
thanks
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On 19 Mar 2014, at 17:03, jaflong jaflong jaflong@yandex.com wrote:
Ollie, Thanks for the info.
I am not aware how to test SIP/TLS can you make a suggestion of how to do it and what is the url of the page you mention.
One line below :-)
However I have followed this page http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging
I can get a successful tls connection when I connect with http so I know basic tls works.
Tested by having this in kamailio.cfg
event_route[xhttp:request] { set_reply_close(); set_reply_no_connect();
xhttp_reply("200", "OK", "text/html","<html><body>Received HTTP request to $hu from [$si:$sp] with protocol $proto</body></html>"); xlog("L_INFO", "HTTP Request Received\n");
......
Going to https://10.1.2.3:6443 gives this Received HTTP request to / from [10.1.1.1:58179] with protocol tls
Ok, so the basic TLS is up and running. Then I leave the WSS part to developers that know that part much better than I do.
/O
19.03.2014, 19:50, "Olle E. Johansson" oej@edvina.net:
On 19 Mar 2014, at 16:46, jaflong jaflong jaflong@yandex.com wrote:
Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this to use wss, (this is it only paramter I change) it does not work. I understand Kamailio does not support DTLS, I set the jssip client DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work.
Kamailio has nothing to do with DTLS - it's in the media layer, not in the signalling.
What if other considaerstion do I need to check?
Check if normal SIP/TLS works and if you can connect with a web browser. There is a TLS debugging page on the Kamailio wiki with a lot of helpful tips and tricks. We might want to add WSS to that page.
/O
thanks
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
Probably a silly question, but does your xhttp event_route go on to actually handle the WebSockets handshake?
There is an example websocket.cfg in the examples directory in Git. Have you tried using this?
Peter
On 19 March 2014 15:50, Olle E. Johansson oej@edvina.net wrote:
On 19 Mar 2014, at 16:46, jaflong jaflong jaflong@yandex.com wrote:
Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this
to use wss, (this is it only paramter I change) it does not work.
I understand Kamailio does not support DTLS, I set the jssip client
DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work. Kamailio has nothing to do with DTLS - it's in the media layer, not in the signalling.
What if other considaerstion do I need to check?
Check if normal SIP/TLS works and if you can connect with a web browser. There is a TLS debugging page on the Kamailio wiki with a lot of helpful tips and tricks. We might want to add WSS to that page.
/O
thanks
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Peter Dunkley Technical Director Acision
Peter Dunkley writes:
There is an example websocket.cfg in the examples directory in Git. Have you tried using this?
peter,
regarding the example, i noticed today that i had to make a small change to it in order to cope with hhtp get from my firefox browser:
if ($hdr(Upgrade)=~"websocket" && $hdr(Connection)=~"Upgrade" && $rm=~"GET") {
=>
if (($hdr(Upgrade) == "websocket") && in_list("Upgrade", $hdr(Connection), ",") && ($rm == "GET")) {
this is because body of Connection header had also another value in addition to Upgrade.
-- juha
Hi,
What are the requirements for connecting with tls/wss.
I have not come across any information or example for this.
My config is working when the client uses ws. However if I change this to use wss, (this is it only paramter I change) it does not work. I understand Kamailio does not support DTLS, I set the jssip client DtlsSrtpKeyAgreement to false to disable this, I also set the tls option to not require or verify certicficates and it still does not work.
What if other considaerstion do I need to check?
Hi,
Kamailio has nothing to do with DTLS since it handles only sip signalling.
To enable wss support you have to: - enable tls by "enable_tls=yes" - add listening socket "listen=tls:x.x.x.x:443" and use this port for wss connections - configure tls module.
-
jaflong jaflong -
Juha Heinanen -
Olle E. Johansson -
Peter Dunkley -
Peter Dunkley -
Vitaliy Aleksandrov