[sr-dev] TLS connection issue
Lorenzo Campo
lorenzo at airspot.tech
Tue Oct 19 15:46:57 CEST 2021
Hi guys,
We are quite newby about Kamailio and we are trying to use it as a load
balancer. While installing certificates we started having problems.
We use Kamailio (vers. 5.5) deployed on a VM (Ubuntu, 20.04 LTS).
We cannot connect via TLS Kamailio VM with clients or other TCP VM.
Our Kamailio currently exposes only port 5060 in UDP and TCP.
Even doing a port scan on localhost, port 5061, used for the TLS protocol,
is instead closed.
There are 3 things worth noting:
- All ports for all protocols are open on the firewall;
- Before we set the disable_tcp option to "no", the 5060 was only reachable
in UDP;
- Even if you put a non-existent certificate, the system does not return an
error so we cannot understand if the goodness of the certificates affects
the opening of the door. Furthermore, we did not find any different
behavior when switching from crt format (key for the private key) to PEM.
If someone can help us would be very appreciated.
Thank you very much
Here is our tls configuration:
kamailio.cfg
#!define WITH_TLS 1
...
disable_tcp=no
auto_aliases=no
….
loadmodule "sl.so"
loadmodule "tls.so"
...
modparam("tls", "private_key", "/etc/kamailio/key.pem")
modparam("tls", "certificate", "/etc/kamailio/crt.pem")
modparam("tls", "ca_list", "/etc/kamailio/ca.pem")
enable_tls=yes
tls.config
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/kamailio-selfsigned.key
certificate = /etc/kamailio/kamailio-selfsigned.pem
#ca_list = /etc/kamailio/tls/cacert.pem
#crl = /etc/kamailio/tls/crl.pem
[client:default]
#method = TLSv1.2+
verify_certificate = no
require_certificate = no
*Sent with Shift
<https://tryshift.com/?utm_source=SentWithShift&utm_campaign=Sent+with+Shift+Signature&utm_medium=Email+Signature&utm_content=General+Email+Group>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20211019/39596e25/attachment.htm>
More information about the sr-dev
mailing list