[OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?

Klaus Darilion klaus.mailinglists at pernau.at
Wed Aug 29 14:42:55 CEST 2007 

Route headers are fine - the problem is the RURI of the BYE:

See the Contact header of the INVITE:
Contact: <sip:davidloh at x.x.80.178:4294;transport=TLS>

This URI must be used in the RURI of the BYE, but Asterisk uses:
BYE sip:davidloh at x.x.80.178:4294 SIP/2.0

Thus, the proxy forwards the request with UDP instead of TLS. Thus, this 
is a bug in Asterisk. Try update Asterisk. Try looking at Asterisk Bug 
tracker for this bug. If you are unlucky, open a bug report on the 
Asterisk bug tracker (bugs.digium.com)

regards
klaus

David Loh schrieb:
> Hi,
> 
> Arrggghh .. that's one of my attempts to eliminate the broken "BYE" 
> problem... that's ngrep was captured when I set "modparam("rr", 
> "enable_double_rr", "0");",
> I've paste another ngrep to http://pastebin.ca/674450, this time the 
> double RR header is enabled.
> And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to decrypt 
> the post is "openser").
> 
> Even though double RR header is enabled, but for BYE it's still doesn't 
> process properly :(
> For the .cfg file line #130 onward, I did tried t_relay, forward and 
> force_send_socket,
> but none of this will do the trick (force_send_socket was complaining 
> TLS error due to missing certificate (?) )
> Would appreciate if anyone could enlighten me why is this happen ?
> 
> 
> Thanks,
> David Loh
> 
> 
> 
> Klaus Darilion wrote:
>> But the INVITE you posted at http://pastebin.ca/673392 also has only 
>> one Record-Route header.
>>
>> regards
>> klaus
>>
>> David Loh schrieb:
>>> Hi,
>>>
>>> Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK 
>>> ...but when asterisk disconnected the call and send BYE back to OpenSER,
>>> the TLS RR header wasn't present, the only 2 RR header was 
>>> "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP <Client_WAN_IP>" ....
>>> I'm puzzled ... is there any command to 'fix' this?
>>>
>>>
>>> Regards,
>>> David Loh
>>>
>>> Klaus Darilion wrote:
>>>> The openser proxy should add 2 record-route header (TLS and UDP = 
>>>> double record route). This is why it does not work.
>>>>
>>>> regards
>>>> klaus
>>>>
>>>> David Loh schrieb:
>>>>> Hi All,
>>>>>
>>>>> Greeting.
>>>>>
>>>>> I've been struggle with OpenSER TLS implementation for more than a 
>>>>> week, since I've ported from UDP to TLS, everything work fine 
>>>>> except the "BYE" request from Asterisk (loose route), my 
>>>>> implementation was something like below:
>>>>>
>>>>> [Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
>>>>>
>>>>> My OpenSER.cfg already configured to listen on two port which is :- 
>>>>> "tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN (or 
>>>>> even voicemail) having no problem,
>>>>> but when the callee disconnect the call, caller will never get hang 
>>>>> up :(
>>>>>
>>>>> I've attached my ethereal trace/ngrep to pastebin,
>>>>> http://pastebin.ca/673392
>>>>>
>>>>> Wondering if anyone can help me with the broken "BYE" that returned 
>>>>> from Asterisk ?
>>>>> Line #131, supposedly this line should have contain 2 Via header, 
>>>>> one was "SIP/2.0/UDP" and another "SIP/2.0/TLS",
>>>>> but somehow the TLS via header was gone !! (compare to previous ACK 
>>>>> (Line #117) /INVITE (Line #51).
>>>>> Due to the missing TLS via header, OpenSER log file was complaining 
>>>>> "protocol/port mis-match".
>>>>>
>>>>> The last BYE request (Line #256) is actually firing from Client, 
>>>>> which contain the "TLS" via.
>>>>>
>>>>>
>>>>> I've even tried "force_send_socket" to port 5061 (instead of 5060) 
>>>>> from loose route, but it complaining TLS certificate error,
>>>>> since Asterisk doesn't support TLS natively, I've no clue why is 
>>>>> the ACK/INVITE/CANCEL work but not BYE.
>>>>> if (loose_route) {
>>>>> ....
>>>>> if(is_method("BYE")) {   force_send_socket(IP:5061);  }
>>>>> }
>>>>>
>>>>>
>>>>> Has any one gone through of this kinda OpenSER over TLS + Asterisk 
>>>>> setup,
>>>>> I'm really appreciate if you can share your experience with me, or 
>>>>> pin point what's the mistakes I made here.
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> Regards,
>>>>> David Loh
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openser.org
>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>>
>>
>>
> 
>

More information about the sr-users mailing list