[Users] TLS problem : May I ask you again..Please....
Ferianto siregar
ferianto_voip at yahoo.com
Fri Sep 22 10:34:54 CEST 2006
Dear all,
First, I would like to say thanks to everybody in this forum. Thank you very much.
All, I am sorry for my message again. Sorry for the long message.
I am in a rush and panicking. I have read the instructions in tls.htm about TLS configuration many times, but until now I have not been able to set it up. Maybe this is because of my lack of understanding and skill.
When I run "netstat -anp|grep 5061", I got this output message :
[root at localhost root]# netstat -anp|grep 5061
tcp 0 0 202.95.149.251:5061 0.0.0.0:* LISTEN
5099/openser
[root at localhost root]# netstat -anp|grep 5060
tcp 0 0 202.95.149.251:5060 0.0.0.0:* LISTEN
5099/openser
udp 0 0 202.95.149.251:5060 0.0.0.0:*
5099/openser
From this output, I can see that OpenSER is listening on port 5061 (for TLS).
But why does no traffic on port 5061 appear when I run "ngrep -d any..."?
Here is the output
U 202.95.149.3:5060 -> 202.95.149.251:5060
..
####
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
POST / HTTP/1.1..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
Content-Length: 220..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
Content-Type: application/ipp..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
Host: localhost..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
........
##
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
HTTP/1.1 200 OK..
#
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
Date: Fri, 22 Sep 2006 08:10:21 GMT..
##
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
Server: CUPS/1.1..Connection: Keep-Alive..Keep-Alive: timeout=60..Content-Language: C..Content-Type: application/ipp; ch
arset=iso-8859-1..Content-Length: 81.............G..attributes-charset..utf-8H..attributes-natural-language..en-us.utf-8
.
What should I do? Please help me..Please give me a suggestion.
These are the tasks that I have done before :
1. I have added in DNS Records :
; NAPTR records for pcr.ac.id. By order/preference they offer SIPS over TCP
; (TLS) first, then SIP over TCP, then SIP over UDP.
; NOTE(review): each replacement name (_sips._tcp, _sip._tcp, _sip._udp) needs a
; matching SRV record, which this message does not show; the _sips._tcp SRV
; would have to point at the TLS port (5061 in the openser.cfg below).
; NOTE(review): if these are literal zone-file lines, names written without a
; trailing dot (the owner names and the last replacement) are taken relative
; to the zone origin - confirm what the zone actually serves.
pcr.ac.id IN NAPTR 50 50 "s" "SIPS+D2T" "" _sips._tcp.pcr.ac.id. pcr.ac.id IN NAPTR 60 40 "s" "SIP+D2T" "" _sip._tcp.pcr.ac.id.
pcr.ac.id IN NAPTR 60 60 "s" "SIP+D2U" "" _sip._udp.pcr.ac.id
2. Here is my openser.cfg configuration :
# Global parameters. debug=9 together with log_stderror=yes sends very verbose
# logs to stderr, and fork=no keeps the server in the foreground; presumably
# these are temporary troubleshooting settings.
# NOTE(review): confirm in the OpenSER documentation that TCP/TLS listeners are
# actually served when fork=no before concluding that the TLS parameters below
# are at fault.
debug=9
fork=no
log_stderror=yes
listen=202.95.149.251 # put your openserver IP address here
port=5060
children=4
dns=no
rev_dns=no
# NOTE(review): the management FIFO lives in /tmp and fifo_mode=0666 (below)
# makes it readable and writable by every local account. Prefer a directory
# owned by the service account and a mode limited to the administrators.
fifo="/tmp/openser_fifo"
# NOTE(review): the database user and password are embedded in clear text here
# and in the db_url modparams. Keep this file readable only by the service
# account, and change the password, since it has been posted publicly.
fifo_db_url="mysql://openser:openserrw@localhost/openser"
fifo_mode=0666
alias="pcr.ac.id"
tls_port_no=5061
# uncomment the following lines for TLS support
disable_tls = 0
# TLS listener on port 5061. The plain listener on port 5060 (listen/port
# above) stays active as well, so unencrypted SIP is still accepted.
listen = tls:202.95.149.251:5061
#listen = udp:202.95.149.251:5060
# NOTE(review): judging by the parameter names, the next two settings require
# every TLS client to present a certificate that validates against tls_ca_list
# (mutual TLS). SIP phones without a client certificate would then fail the
# handshake - confirm that this is intended.
tls_verify_client = on
tls_require_client_certificate = on
tls_verify_server=on
# NOTE(review): this pins the protocol to TLS 1.0, which has since been
# deprecated; on a current build, select the newest method the server and the
# clients both support.
tls_method = TLSv1
# NOTE(review): the "user" paths look like sample material - confirm that the
# certificate was issued for this server's name by a CA the clients trust, and
# that the private key file is readable only by the account OpenSER runs as.
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/nathelper.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/uri_db.so"
loadmodule "/usr/local/lib/openser/modules/uri.so"
loadmodule "/usr/local/lib/openser/modules/avpops.so"
loadmodule "/usr/local/lib/openser/modules/domain.so"
loadmodule "/usr/local/lib/openser/modules/permissions.so"
# Module parameters.
# NOTE(review): the two db_url lines below assign the same URL; the second one
# is redundant because the first already covers auth_db, uri_db and usrloc.
# Both repeat the clear-text database credentials.
modparam("auth_db|permissions|uri_db|usrloc","db_url", "mysql://openser:openserrw@localhost/openser")
modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
# NOTE(review): calculate_ha1=1 with a "password" column means auth_db derives
# the digest hash from the stored value, i.e. subscriber passwords are kept
# unhashed in the database. Storing precomputed HA1 values instead avoids that
# - confirm against the auth_db documentation.
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
# NAT handling: keep-alive ping interval, ping only NATed contacts, and the
# control socket of the RTP proxy.
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("usrloc", "db_mode", 2)
# Flag 6 is the same flag the routing blocks set with setflag(6) for NATed clients.
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
modparam("tm", "fr_inv_timer", 27)
modparam("tm", "fr_inv_timer_avp", "s:inv_timeout")
# NOTE(review): allow_trusted() in route[3] consults this table, and a match
# skips digest authentication for INVITE. Keep the table limited to known
# gateways and peers.
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
# Main request route: sanity checks, record-routing, in-dialog (loose-routed)
# requests, then dispatch by destination and method to the numbered sub-routes.
# NOTE(review): nothing in this route checks the transport, so requests are
# handled identically whether they arrive on the TLS listener or on the plain
# port 5060 listener. Decide whether non-TLS signalling should still be allowed
# once TLS works.
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
# Reject looping requests (Max-Forwards exhausted) and oversized messages.
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
return;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
return;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER") {
record_route();
};
# BYE and CANCEL end a call attempt, so release the RTP proxy session.
if (method=="BYE" || method=="CANCEL") {
unforce_rtp_proxy();
}
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
# In-dialog requests carrying a Route set are relayed via route(1); re-INVITE
# and ACK additionally get NAT fix-ups and an RTP proxy session.
if (loose_route()) {
if (has_totag() && (method=="INVITE" || method=="ACK")) {
if (nat_uac_test("19")) {
setflag(6);
force_rport();
fix_nated_contact();
};
force_rtp_proxy("l");
};
route(1);
return;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
# NOTE(review): requests addressed to a foreign domain are passed to route(5)
# and then relayed by route(1) with no authentication in this route. route[5]
# is not defined in the configuration as posted; verify that it restricts who
# may relay, otherwise the proxy acts as an open relay.
if (uri!=myself) {
route(5);
route(1);
return;
};
if (uri==myself) {
# Dispatch by method. route[6] (ACK) is likewise missing from the posted
# configuration.
if (method=="ACK") {
route(6);
return;
} else if (method=="CANCEL") {
route(3);
return;
} else if (method=="INVITE") {
route(3);
return;
} else if (method=="REGISTER") {
route(2);
return;
};
# All other methods: resolve aliases, then the registered location.
lookup("aliases");
if (uri!=myself) {
route(5);
route(1);
return;
};
# NOTE(review): the reason phrase "Uopenser Not Found" looks like a
# search-and-replace artifact of "User Not Found".
if (!lookup("location")) {
sl_send_reply("404", "Uopenser Not Found");
return;
};
};
route(1);
}
# Default relay handler: arms reply route 1 and relays the request with t_relay().
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
# Relay failed: release the RTP proxy session opened for a NATed INVITE
# (flag 6), then report the error to the sender.
if (method=="INVITE" && isflagset(6)) {
unforce_rtp_proxy();
};
sl_reply_error();
};
}
# REGISTER handler: NAT detection, digest authentication against the
# "subscriber" table, then storing the contact in the "location" table.
# NOTE(review): nothing here requires the TLS transport, so digest exchanges
# and registrations are also accepted on the plain port 5060 listener.
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
sl_send_reply("100", "Trying");
# Skip the NAT fix-ups for "Contact: *" (a request to remove all bindings).
if (!search("^Contact:\ +\*") && nat_uac_test("19")) {
setflag(6);
fix_nated_register();
force_rport();
};
# Challenge until the client supplies valid credentials for realm pcr.ac.id.
if (!www_authorize("pcr.ac.id","subscriber")) {
www_challenge("pcr.ac.id","0");
return;
};
# check_to() presumably ties the To URI to the authenticated user, so that one
# account cannot register contacts for another - confirm in the uri module docs.
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
return;
};
# Remove the credentials from the request once they have been verified.
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
# INVITE and CANCEL handler: NAT flagging, authentication of INVITE, PSTN
# hand-off by number pattern, location lookup and relay.
route[3] {
# -----------------------------------------------------------------
# CANCEL and INVITE Message Handler
# -----------------------------------------------------------------
if (nat_uac_test("19")) {
setflag(6);
}
#if (!allow_trusted() && nat_uac_test("19")) {
# setflag(6);
#}
lookup("aliases");
# NOTE(review): a source that matches allow_trusted() skips digest
# authentication entirely, including for calls that go on to the PSTN gateway
# in route[4]. The "trusted" table is therefore the only control on toll calls
# from those sources. CANCEL is never authenticated here.
if (method=="INVITE" && !allow_trusted())
{
if (!proxy_authorize("pcr.ac.id","subscriber")) {
proxy_challenge("pcr.ac.id","0");
return;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
return;
};
consume_credentials();
};
# Request URIs whose user part starts with 9 followed only by digits go to
# the PSTN handler.
if (uri=~"^sip:9[0-9]*@") {
route(4);
return;
};
# Foreign domains: route[5] is not defined in the configuration as posted.
if (uri!=myself) {
route(5);
route(1);
return;
};
if (!lookup("location")) {
# No registered contact: 10-digit numbers fall back to the PSTN handler.
if (uri=~"^sip:[0-9]{10}@") {
route(4);
return;
};
sl_send_reply("404", "Uopenser Not Found");
return;
};
if (method=="CANCEL") {
route(1);
return;
}
# NATed caller (flag 6): fix the Contact and anchor the media on the RTP proxy.
if (isflagset(6)) {
force_rport();
fix_nated_contact();
force_rtp_proxy();
};
t_on_reply("1");
if (!t_relay()) {
# Relay failed: release the RTP proxy session before reporting the error.
if(isflagset(6)) {
unforce_rtp_proxy();
}
sl_reply_error();
};
}
# PSTN handler: points the request at the gateway address and relays it.
# In the configuration as posted it is reached only from route[3], after that
# route's authentication / allow_trusted() check for INVITE.
route[4] {
# -----------------------------------------------------------------
# PSTN Handler
# -----------------------------------------------------------------
rewritehostport("202.95.149.254:5060"); # INSERT YOUR PSTN GATEWAY IP ADDRESS
# avp_write("i:45", "inv_timeout");
#if (!allow_trusted() && isflagset(6)) {
# NATed caller (flag 6): fix the Contact and anchor the media on the RTP proxy.
if (isflagset(6)) {
force_rport();
fix_nated_contact();
force_rtp_proxy();
};
route(1);
}
# Reply route armed by t_on_reply("1"): NAT handling for replies.
onreply_route[1] {
# For NAT-flagged transactions, 180, 183 and 2xx replies whose Content-Length
# is not 0 (i.e. replies carrying a body) get an RTP proxy session.
if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
if (!search("^Content-Length:\ +0")) {
force_rtp_proxy();
};
};
# Rewrite the Contact of a reply when nathelper's test 1 flags the sender as NATed.
if (nat_uac_test("1")) {
fix_nated_contact();
};
}
What should I add in openser.cfg? Please help..Please..
Thank you very much,
Regards,
Ferianto