[OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?

David Loh davidloh at vyke.com
Mon Sep 3 13:07:09 CEST 2007 

Hi Klaus,

So in order to make it work, the RURI of Asterisk uses should contain 
"transport=TLS" right.
if the "transport=TLS" can be appended to the SIP message, the 
disconnection shall be handle properly ?

Currently I'm struggling w/ subst/subst_uri ... it's seems the Regex 
textops module used was slightly different from Unix,
I do "subst('/^BYE(.*)SIP\/2\.0/BYE\1;transport=TLS SIP\/2\.0/ ');" but 
it doesn't work ...
I'm not sure if subst able to alter the header but if it doesn't, is 
there any command that I can use to alter the BYE header ?

Thanks,
David Loh

Klaus Darilion wrote:
> Route headers are fine - the problem is the RURI of the BYE:
>
> See the Contact header of the INVITE:
> Contact: <sip:davidloh at x.x.80.178:4294;transport=TLS>
>
> This URI must be used in the RURI of the BYE, but Asterisk uses:
> BYE sip:davidloh at x.x.80.178:4294 SIP/2.0
>
> Thus, the proxy forwards the request with UDP instead of TLS. Thus, 
> this is a bug in Asterisk. Try update Asterisk. Try looking at 
> Asterisk Bug tracker for this bug. If you are unlucky, open a bug 
> report on the Asterisk bug tracker (bugs.digium.com)
>
> regards
> klaus
>
> David Loh schrieb:
>> Hi,
>>
>> Arrggghh .. that's one of my attempts to eliminate the broken "BYE" 
>> problem... that's ngrep was captured when I set "modparam("rr", 
>> "enable_double_rr", "0");",
>> I've paste another ngrep to http://pastebin.ca/674450, this time the 
>> double RR header is enabled.
>> And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to 
>> decrypt the post is "openser").
>>
>> Even though double RR header is enabled, but for BYE it's still 
>> doesn't process properly :(
>> For the .cfg file line #130 onward, I did tried t_relay, forward and 
>> force_send_socket,
>> but none of this will do the trick (force_send_socket was complaining 
>> TLS error due to missing certificate (?) )
>> Would appreciate if anyone could enlighten me why is this happen ?
>>
>>
>> Thanks,
>> David Loh
>>
>>
>>
>> Klaus Darilion wrote:
>>> But the INVITE you posted at http://pastebin.ca/673392 also has only 
>>> one Record-Route header.
>>>
>>> regards
>>> klaus
>>>
>>> David Loh schrieb:
>>>> Hi,
>>>>
>>>> Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK 
>>>> ...but when asterisk disconnected the call and send BYE back to 
>>>> OpenSER,
>>>> the TLS RR header wasn't present, the only 2 RR header was 
>>>> "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP <Client_WAN_IP>" ....
>>>> I'm puzzled ... is there any command to 'fix' this?
>>>>
>>>>
>>>> Regards,
>>>> David Loh
>>>>
>>>> Klaus Darilion wrote:
>>>>> The openser proxy should add 2 record-route header (TLS and UDP = 
>>>>> double record route). This is why it does not work.
>>>>>
>>>>> regards
>>>>> klaus
>>>>>
>>>>> David Loh schrieb:
>>>>>> Hi All,
>>>>>>
>>>>>> Greeting.
>>>>>>
>>>>>> I've been struggle with OpenSER TLS implementation for more than 
>>>>>> a week, since I've ported from UDP to TLS, everything work fine 
>>>>>> except the "BYE" request from Asterisk (loose route), my 
>>>>>> implementation was something like below:
>>>>>>
>>>>>> [Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
>>>>>>
>>>>>> My OpenSER.cfg already configured to listen on two port which is 
>>>>>> :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN 
>>>>>> (or even voicemail) having no problem,
>>>>>> but when the callee disconnect the call, caller will never get 
>>>>>> hang up :(
>>>>>>
>>>>>> I've attached my ethereal trace/ngrep to pastebin,
>>>>>> http://pastebin.ca/673392
>>>>>>
>>>>>> Wondering if anyone can help me with the broken "BYE" that 
>>>>>> returned from Asterisk ?
>>>>>> Line #131, supposedly this line should have contain 2 Via header, 
>>>>>> one was "SIP/2.0/UDP" and another "SIP/2.0/TLS",
>>>>>> but somehow the TLS via header was gone !! (compare to previous 
>>>>>> ACK (Line #117) /INVITE (Line #51).
>>>>>> Due to the missing TLS via header, OpenSER log file was 
>>>>>> complaining "protocol/port mis-match".
>>>>>>
>>>>>> The last BYE request (Line #256) is actually firing from Client, 
>>>>>> which contain the "TLS" via.
>>>>>>
>>>>>>
>>>>>> I've even tried "force_send_socket" to port 5061 (instead of 
>>>>>> 5060) from loose route, but it complaining TLS certificate error,
>>>>>> since Asterisk doesn't support TLS natively, I've no clue why is 
>>>>>> the ACK/INVITE/CANCEL work but not BYE.
>>>>>> if (loose_route) {
>>>>>> ....
>>>>>> if(is_method("BYE")) {   force_send_socket(IP:5061);  }
>>>>>> }
>>>>>>
>>>>>>
>>>>>> Has any one gone through of this kinda OpenSER over TLS + 
>>>>>> Asterisk setup,
>>>>>> I'm really appreciate if you can share your experience with me, 
>>>>>> or pin point what's the mistakes I made here.
>>>>>>
>>>>>> Thanks in advance.
>>>>>>
>>>>>> Regards,
>>>>>> David Loh
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at openser.org
>>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

More information about the sr-users mailing list