[Kamailio-Users] Problem with secure TLS call

Hemanshu Patel hemanshu.patel at saicare.com
Mon Mar 29 12:13:43 CEST 2010 

But interesting thing is that...the same is the case for my Grandstream
hardphones as well.

in those phones as well, the Connection IP:port is different that the
contact ip:port value.



-- 
Regards,

Hemanshu Patel
SIS,Ahmedabad.
M: 09601295238

> How can i stop kamailio creating new connection.
>
> you see, phones are connected from different ip:port, and their contact
> value points to sameip:diff port.
> So while forwarding the request naturally kamailio tries to go to contact
> pairs, and that is the root problem
>
> Any suggestion to sort out this thing?
>
> --
> Regards,
>
> Hemanshu Patel
> SIS,Ahmedabad.
> M: 09601295238
>
>> Kamailio tries to open a TLS connection to the client. You should avoid
>> this - Kamailio should use the existing TLS/TCP connection that was
>> established by the client during registration.
>>
>> klaus
>>
>> Am 27.03.2010 07:07, schrieb Hemanshu Patel:
>>>
>>> With TLS it still is not working
>>>
>>> Mar 27 11:39:16 [4421] INFO:core:probe_max_receive_buffer: using a UDP
>>> receive buffer of 255 kb
>>> Mar 27 11:39:16 [4425] WARNING:usrloc:dbrow2info: non-local
>>> socket<tcp:172.16.16.218:5091>...ignoring
>>> Mar 27 11:39:18 [4431] INFO:core:tls_accept: client did not present a
>>> certificate
>>> Mar 27 11:39:55 [4432] INFO:core:tls_accept: client did not present a
>>> certificate
>>> Mar 27 11:40:01 [4431] ERROR:rr:w_record_route: Double attempt to
>>> record-route
>>> Mar 27 11:40:01 [4426] ERROR:core:tls_connect: SSL_ERROR_SYSCALL
>>> err=Connection reset by peer(104)
>>> Mar 27 11:40:01 [4426] ERROR:core:tls_connect: something wrong in SSL:
>>> 5
>>> (ret=-1) err=Connection reset by peer(104)
>>> Mar 27 11:40:01 [4426] ERROR:core:tcp_send: failed to send
>>> Mar 27 11:40:01 [4426] ERROR:core:msg_send: tcp_send failed
>>> Mar 27 11:40:01 [4425] WARNING:core:run_actions: null action list
>>> (rec_level=1)
>>>
>>>
>>> my doubt is that if somethings wrong with SSL certificates that i
>>> created myself (i.e my own root CA, and self signed certificates), then
>>> how come registration is working like charm?
>>> if there is some problem with Certificates then registration should
>>> also
>>> not  work.
>>> am i right?
>>>
>>> ----
>>>
>>> Regards,
>>>
>>> Hemanshu Patel
>>> Sr. Software Engg
>>> SIS,Ahmedabad
>>> Mo:09601295238
>>>
>>>
>>> On Sat 27/03/10  9:50 AM , "Hemanshu Patel"<hemanshu.patel at saicare.com>
>>> wrote:
>>>
>>>> I havent tested over TCP, let me check it
>>>> but hardphone, i mean hardware based phones from grandstream gvx3140
>>>> works
>>>> fine with same implementation on TLS.
>>>> --
>>>> Regards,
>>>> Hemanshu Patel
>>>> M: 09601295238
>>>>> Does eyebeam with SIP over TCP is working?
>>>>>
>>>>> Am 26.03.2010 13:43, schrieb Hemanshu Patel:
>>>>>>
>>>>>> i am still having this problem.
>>>>>> when i use two grandstream phone everything works fine,
>>>>>> i can make calls on TLS and users can talk to each other.
>>>>>>
>>>>>> But when i use two eyebream phone, it doesnt work, gives
>>>> following error
>>>>>>
>>>>>> :33 [2875] WARNING:core:init_ssl_ctx_behavior: server
>>>> verification NOT
>>>>>> activated. Weaker security.
>>>>>> [ panreg-tls]$
>>>>>> [ panreg-tls]$
>>>>>> [ panreg-tls]$ Mar 26 18:11:59 [2889]
>>>>>> ERROR:rr:w_record_route: Double attempt to record-route
>>>>>> Mar 26 18:12:09 [2884] ERROR:core:tcp_blocking_connect: timeout
>>>> 10 s
>>>>>> elapsed from 10 s
>>>>>> Mar 26 18:12:09 [2884] ERROR:core:tcpconn_connect:
>>>> tcp_blocking_connect
>>>>>> failed
>>>>>> Mar 26 18:12:09 [2884] ERROR:core:tcp_send: connect failed
>>>>>> Mar 26 18:12:09 [2884] ERROR:core:msg_send: tcp_send failed
>>>>>> Mar 26 18:12:10 [2883] ERROR:core:tcp_blocking_connect: timeout
>>>> 10 s
>>>>>> elapsed from 10 s
>>>>>> Mar 26 18:12:10 [2883] ERROR:core:tcpconn_connect:
>>>> tcp_blocking_connect
>>>>>> failed
>>>>>> Mar 26 18:12:10 [2883] ERROR:core:tcp_send: connect failed
>>>>>> Mar 26 18:12:10 [2883] ERROR:core:msg_send: tcp_send failed
>>>>>> Mar 26 18:12:10 [2883] WARNING:core:run_actions: null action list
>>>>>> (rec_level=1)
>>>>>> Mar 26 18:12:11 [2881] ERROR:core:tcp_blocking_connect: timeout
>>>> 10 s
>>>>>> elapsed from 10 s
>>>>>> Mar 26 18:12:11 [2881] ERROR:core:tcpconn_connect:
>>>> tcp_blocking_connect
>>>>>> failed
>>>>>> Mar 26 18:12:11 [2881] ERROR:core:tcp_send: connect failed
>>>>>> Mar 26 18:12:11 [2881] ERROR:core:msg_send: tcp_send failed
>>>>>> Mar 26 18:12:13 [2882] ERROR:core:tcp_blocking_connect: timeout
>>>> 10 s
>>>>>> elapsed from 10 s
>>>>>> Mar 26 18:12:13 [2882] ERROR:core:tcpconn_connect:
>>>> tcp_blocking_connect
>>>>>> failed
>>>>>> Mar 26 18:12:13 [2882] ERROR:core:tcp_send: connect failed
>>>>>> Mar 26 18:12:13 [2882] ERROR:core:msg_send: tcp_send failed
>>>>>> Mar 26 18:12:19 [2884] ERROR:core:tcp_blocking_connect: timeout
>>>> 10 s
>>>>>> elapsed from 10 s
>>>>>> Mar 26 18:12:19 [2884] ERROR:core:tcpconn_connect:
>>>> tcp_blocking_connect
>>>>>> failed
>>>>>> Mar 26 18:12:19 [2884] ERROR:core:tcp_send: connect failed
>>>>>> Mar 26 18:12:19 [2884] ERROR:core:msg_send: tcp_send failed
>>>>>>
>>>>>>
>>>>>>
>>>>>> Any idea? Same configuration works with grandstream, while they
>>>> cant in
>>>>>> softphone? and gives 477 errot code.
>>>>>>
>>>>>> my asterisk log is as below:
>>>>>>
>>>>>> 26 18:08:09] WARNING[2833]: chan_sip.c:1648 setup_crypto:
>>>> Hemanshu:
>>>>>> local_key641 jhbAJ7jFE1p/Ngn4kVxy7qTTmkJpeBiN6W98+gmM len 40
>>>>>>       -- Called kamailio/1003
>>>>>>       -- Got SIP response 477 "Send failed (477/SL)" back from
>>>>>> 172.16.16.218
>>>>>>       -- No one is available to answer at this time (1:0/0/0)
>>>>>>       -- Executing [_default:4] Hangup("SIP/5091-8c001430", "")
>>>>>> in
>>>>>> new stack
>>>>>>     == Spawn extension (hemu_default, 1003, 4) exited non-zero on
>>>>>> 'SIP/5091-8c001430'
>>>>>>          >   ::Disconnected form Oracle, trying to connect again..
>>>>>>          >   ::Tried a lot, not getting connected..
>>>>>>       -- Got SIP response 477 "Send failed (477/SL)" back from
>>>>>> 172.16.16.218
>>>>>>
>>>>>>
>>>>>> Any idea what could be the problem?
>>>>>>
>>>>>
>>>> _______________________________________________
>>>> Kamailio (OpenSER) - Users mailing list
>>>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>>>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>> ---- SIS Blade Server, Desktop&  Thin Client is now available on DGS&
>>> D
>>> rate contract. For more detail kindly visit our website
>>> http://www.saicare.com
>>
>
>

More information about the sr-users mailing list