[Users] Allow only TLS connections

Christoph Fürstaller christoph.fuerstaller at kurtkrenn.com
Thu Apr 13 10:52:42 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I tried that out. I check if proto is TLS:
if (proto != TLS) {
	sl_send_reply("403", "Forbidden");
	exit;
};

But I get this error:
 3(28893) ERROR:tm:add_uac: can't fwd to af 2, proto 1  (no
corresponding listening socket)
 3(28893) ERROR:tm:t_forward_nonack: failure to add branches
 3(28893) ERROR:tm:t_relay_to:  t_forward_nonack returned error

What does it mean? What I'm doing wrong?
My SER is only listening on tls port 5061. Do I still have to open udp
5060 ?

chris...

Cesc wrote:
> http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6c17b007ea61fa37b86b391ce1b2a80f#tcp
> 
> 
> 
> On 4/11/06, Thorsten.Haupt at t-systems.com <Thorsten.Haupt at t-systems.com> wrote:
> 
>>I searched for this function, but I didn't found it :-(
>>Knows anyone the correct code, not only pseudo-code?
>>
>>Torsten
>>
>>-----Ursprüngliche Nachricht-----
>>Von: Cesc [mailto:cesc.santa at gmail.com]
>>Gesendet: Dienstag, 11. April 2006 14:03
>>An: Haupt, Thorsten
>>Cc: users at openser.org
>>Betreff: Re: [Users] Allow only TLS connections
>>
>>I think in openser there is a function to check what transport the message came in ... you can do something like:
>>if ( transport != TLS ) {
>>          send error to UA
>>          break;
>>}
>>
>>Cesc
>>
>>On 4/11/06, Thorsten.Haupt at t-systems.com <Thorsten.Haupt at t-systems.com> wrote:
>>
>>>
>>>Hello,
>>>
>>>I use OpenSER in a testing environment for VoIP security. My clients
>>>connect via TLS. If I deactivate UDP/5060 on the server, it doesn't work correct.
>>>Some Clients can't connect and others can't establish calls. I read in
>>>another thread, that UDP is mandatory for SIP and that the server need it.
>>>
>>>But how can I prevent users from connecting via UDP and force them to
>>>use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But is
>>>this the correct way? Are there any parameters server-side to force
>>>users to connect via TLS?
>>>
>>>Thanks for response.
>>>Torsten
>>>_______________________________________________
>>>Users mailing list
>>>Users at openser.org
>>>http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>
>>_______________________________________________
>>Users mailing list
>>Users at openser.org
>>http://openser.org/cgi-bin/mailman/listinfo/users
>>
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEPhFaR0exH8dhr/YRAnYcAKC5SRrH9RuFLO74LjVDbKx9Lix/1ACdHXCR
2vxI8axUUKfrjQ3m1YdYzwA=
=9jKq
-----END PGP SIGNATURE-----




More information about the sr-users mailing list