[Kamailio-Users] Problem with secure TLS call

Mon Mar 29 11:46:19 CEST 2010

How can i stop kamailio creating new connection.

you see, phones are connected from different ip:port, and their contact
value points to sameip:diff port.
So while forwarding the request naturally kamailio tries to go to contact
pairs, and that is the root problem

Any suggestion to sort out this thing?

-- 
Regards,

Hemanshu Patel
SIS,Ahmedabad.
M: 09601295238

> Kamailio tries to open a TLS connection to the client. You should avoid
> this - Kamailio should use the existing TLS/TCP connection that was
> established by the client during registration.
>
> klaus
>
> Am 27.03.2010 07:07, schrieb Hemanshu Patel:
>>
>> With TLS it still is not working
>>
>> Mar 27 11:39:16 [4421] INFO:core:probe_max_receive_buffer: using a UDP
>> receive buffer of 255 kb
>> Mar 27 11:39:16 [4425] WARNING:usrloc:dbrow2info: non-local
>> socket<tcp:172.16.16.218:5091>...ignoring
>> Mar 27 11:39:18 [4431] INFO:core:tls_accept: client did not present a
>> certificate
>> Mar 27 11:39:55 [4432] INFO:core:tls_accept: client did not present a
>> certificate
>> Mar 27 11:40:01 [4431] ERROR:rr:w_record_route: Double attempt to
>> record-route
>> Mar 27 11:40:01 [4426] ERROR:core:tls_connect: SSL_ERROR_SYSCALL
>> err=Connection reset by peer(104)
>> Mar 27 11:40:01 [4426] ERROR:core:tls_connect: something wrong in SSL: 5
>> (ret=-1) err=Connection reset by peer(104)
>> Mar 27 11:40:01 [4426] ERROR:core:tcp_send: failed to send
>> Mar 27 11:40:01 [4426] ERROR:core:msg_send: tcp_send failed
>> Mar 27 11:40:01 [4425] WARNING:core:run_actions: null action list
>> (rec_level=1)
>>
>>
>> my doubt is that if somethings wrong with SSL certificates that i
>> created myself (i.e my own root CA, and self signed certificates), then
>> how come registration is working like charm?
>> if there is some problem with Certificates then registration should also
>> not  work.
>> am i right?
>>
>> ----
>>
>> Regards,
>>
>> Hemanshu Patel
>> Sr. Software Engg
>> SIS,Ahmedabad
>> Mo:09601295238
>>
>>
>> On Sat 27/03/10  9:50 AM , "Hemanshu Patel"<hemanshu.patel at saicare.com>
>> wrote:
>>
>>> I havent tested over TCP, let me check it
>>> but hardphone, i mean hardware based phones from grandstream gvx3140
>>> works
>>> fine with same implementation on TLS.
>>> --
>>> Regards,
>>> Hemanshu Patel
>>> M: 09601295238
>>>> Does eyebeam with SIP over TCP is working?
>>>>
>>>> Am 26.03.2010 13:43, schrieb Hemanshu Patel:
>>>>>
>>>>> i am still having this problem.
>>>>> when i use two grandstream phone everything works fine,
>>>>> i can make calls on TLS and users can talk to each other.
>>>>>
>>>>> But when i use two eyebream phone, it doesnt work, gives
>>> following error
>>>>>
>>>>> :33 [2875] WARNING:core:init_ssl_ctx_behavior: server
>>> verification NOT
>>>>> activated. Weaker security.
>>>>> [ panreg-tls]$
>>>>> [ panreg-tls]$
>>>>> [ panreg-tls]$ Mar 26 18:11:59 [2889]
>>>>> ERROR:rr:w_record_route: Double attempt to record-route
>>>>> Mar 26 18:12:09 [2884] ERROR:core:tcp_blocking_connect: timeout
>>> 10 s
>>>>> elapsed from 10 s
>>>>> Mar 26 18:12:09 [2884] ERROR:core:tcpconn_connect:
>>> tcp_blocking_connect
>>>>> failed
>>>>> Mar 26 18:12:09 [2884] ERROR:core:tcp_send: connect failed
>>>>> Mar 26 18:12:09 [2884] ERROR:core:msg_send: tcp_send failed
>>>>> Mar 26 18:12:10 [2883] ERROR:core:tcp_blocking_connect: timeout
>>> 10 s
>>>>> elapsed from 10 s
>>>>> Mar 26 18:12:10 [2883] ERROR:core:tcpconn_connect:
>>> tcp_blocking_connect
>>>>> failed
>>>>> Mar 26 18:12:10 [2883] ERROR:core:tcp_send: connect failed
>>>>> Mar 26 18:12:10 [2883] ERROR:core:msg_send: tcp_send failed
>>>>> Mar 26 18:12:10 [2883] WARNING:core:run_actions: null action list
>>>>> (rec_level=1)
>>>>> Mar 26 18:12:11 [2881] ERROR:core:tcp_blocking_connect: timeout
>>> 10 s
>>>>> elapsed from 10 s
>>>>> Mar 26 18:12:11 [2881] ERROR:core:tcpconn_connect:
>>> tcp_blocking_connect
>>>>> failed
>>>>> Mar 26 18:12:11 [2881] ERROR:core:tcp_send: connect failed
>>>>> Mar 26 18:12:11 [2881] ERROR:core:msg_send: tcp_send failed
>>>>> Mar 26 18:12:13 [2882] ERROR:core:tcp_blocking_connect: timeout
>>> 10 s
>>>>> elapsed from 10 s
>>>>> Mar 26 18:12:13 [2882] ERROR:core:tcpconn_connect:
>>> tcp_blocking_connect
>>>>> failed
>>>>> Mar 26 18:12:13 [2882] ERROR:core:tcp_send: connect failed
>>>>> Mar 26 18:12:13 [2882] ERROR:core:msg_send: tcp_send failed
>>>>> Mar 26 18:12:19 [2884] ERROR:core:tcp_blocking_connect: timeout
>>> 10 s
>>>>> elapsed from 10 s
>>>>> Mar 26 18:12:19 [2884] ERROR:core:tcpconn_connect:
>>> tcp_blocking_connect
>>>>> failed
>>>>> Mar 26 18:12:19 [2884] ERROR:core:tcp_send: connect failed
>>>>> Mar 26 18:12:19 [2884] ERROR:core:msg_send: tcp_send failed
>>>>>
>>>>>
>>>>>
>>>>> Any idea? Same configuration works with grandstream, while they
>>> cant in
>>>>> softphone? and gives 477 errot code.
>>>>>
>>>>> my asterisk log is as below:
>>>>>
>>>>> 26 18:08:09] WARNING[2833]: chan_sip.c:1648 setup_crypto:
>>> Hemanshu:
>>>>> local_key641 jhbAJ7jFE1p/Ngn4kVxy7qTTmkJpeBiN6W98+gmM len 40
>>>>>       -- Called kamailio/1003
>>>>>       -- Got SIP response 477 "Send failed (477/SL)" back from
>>>>> 172.16.16.218
>>>>>       -- No one is available to answer at this time (1:0/0/0)
>>>>>       -- Executing [_default:4] Hangup("SIP/5091-8c001430", "")
>>>>> in
>>>>> new stack
>>>>>     == Spawn extension (hemu_default, 1003, 4) exited non-zero on
>>>>> 'SIP/5091-8c001430'
>>>>>          >   ::Disconnected form Oracle, trying to connect again..
>>>>>          >   ::Tried a lot, not getting connected..
>>>>>       -- Got SIP response 477 "Send failed (477/SL)" back from
>>>>> 172.16.16.218
>>>>>
>>>>>
>>>>> Any idea what could be the problem?
>>>>>
>>>>
>>> _______________________________________________
>>> Kamailio (OpenSER) - Users mailing list
>>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>> ---- SIS Blade Server, Desktop&  Thin Client is now available on DGS&  D
>> rate contract. For more detail kindly visit our website
>> http://www.saicare.com
>