[SR-Users] Problem with my kamailio installation

Mon Nov 5 23:18:33 CET 2012

TLS is a security layer in top of TCP, so apparently tcp has to be 
specified as a listening transport layer to make tls work. Starting with 
v3.0.0, tls code is in a module, so the core might not initialize tcp if 
it does not have afferent sockets. Not sure what would take to make it 
work with tls only sockets - but definitely is no impact on resources, 
because the worker processes are the same for tcp and tls.

You can forbid tcp traffic from config file:

if(proto=TCP) {
send_repply("403", "Not allowed");
exit;
}

Cheers,
Daniel

On 11/5/12 11:18 AM, Ramazan Yilmaz wrote:
> Keeping listen=tls...., I also included "listen=tcp:127.0.0.1:5060 
> <http://127.0.0.1:5060>". On restart it says,
>
> Listening on
>              tcp: 127.0.0.1:5060 <http://127.0.0.1:5060>
>              tls: XX.XX.XX.XX [XX.XX.XX.XX]:5061
> Aliases:
>              *: XX.XX.XX.XX:*
>
> kamailio started.
>
> And now kamctl ps gives,
>
> Process::  ID=0 PID=931 Type=attendant
> Process::  ID=1 PID=933 Type=slow timer
> Process::  ID=2 PID=934 Type=timer
> Process::  ID=3 PID=935 Type=MI FIFO
> Process::  ID=4 PID=936 Type=ctl handler
> Process::  ID=5 PID=937 Type=MI DATAGRAM
> Process::  ID=6 PID=938 Type=TIMER NH
> Process::  ID=7 PID=939 Type=tcp receiver (generic) child=0
> Process::  ID=8 PID=940 Type=tcp receiver (generic) child=1
> Process::  ID=9 PID=941 Type=tcp receiver (generic) child=2
> Process::  ID=10 PID=942 Type=tcp receiver (generic) child=3
> Process::  ID=11 PID=943 Type=tcp main process
>
> And, now I can register to kamailio :) No error is written in syslog. 
> An interesting workaround...
> Is this normal? i.e. is listening on a tcp port mandatory?
>
> On Mon, Nov 5, 2012 at 12:03 PM, Daniel-Constantin Mierla 
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
>     Hello,
>
>     can you put also:
>
>     listen=tcp:127.0.0.1:5060 <http://127.0.0.1:5060>
>
>     ?
>
>     Cheers,
>     Daniel
>
>
>     On Mon, Nov 5, 2012 at 9:31 AM, Ramazan Yilmaz
>     <ramazan.cs at gmail.com <mailto:ramazan.cs at gmail.com>> wrote:
>
>         Any idea?
>         I have shared my tls configuration with you in my previous
>         post, and as I said, that configuration works with kamailio
>         3.2.4. After silence of 4 days, do you confirm that it is a
>         bug? If so, how can it be solved? Any suggestion?
>
>
>         On Thu, Nov 1, 2012 at 4:23 PM, Ramazan Yilmaz
>         <ramazan.cs at gmail.com <mailto:ramazan.cs at gmail.com>> wrote:
>
>             In my kamailio configuration, I already have "#!define
>             WITH_TLS". And some more about my configuration:
>
>             listen=tls:XX.XX.XXX.XX:5061
>
>             #!ifdef WITH_TLS
>             enable_tls=yes
>             #!endif
>
>             #!ifdef WITH_TLS
>             loadmodule "tls.so"
>             #!endif
>
>             #!ifdef WITH_TLS
>             # ----- tls params -----
>             modparam("tls", "config",
>             "/usr/local/kamailio-3.3/etc/kamailio/tls.cfg")
>             #!endif
>
>             And my tls.cfg is,
>
>             [server:default]
>             method = SSLv23
>             verify_certificate = no
>             require_certificate = no
>             private_key =
>             /usr/local/kamailio-3.3/etc/kamailio/kamailio.key
>             certificate =
>             /usr/local/kamailio-3.3/etc/kamailio/kamailio.pem
>
>             [client:default]
>             verify_certificate = yes
>             require_certificate = yes
>
>             I have just installed kamailio 3.2.4 on some other server
>             to see whether the problem is with my configuration/my
>             system or with kamailio release. I again installed Ubuntu,
>             and I installed the requested packages via apt-get, as I
>             had done on problematic system. I used exactly the same
>             configuration file, except changing the domain/ip values.
>             And it worked. Then I used the same configuration file on
>             some other versions of Ubuntu server, and it worked again.
>             So, it really seems as a bug in kamailio.
>
>             It seems the worker children cannot be forked for some
>             reason at startup, so I enabled WITH_DEBUG directive and
>             restarted the kamailio. The output is attached to this
>             mail. I hope it helps.
>
>             Best,
>
>
>
>
>
>     -- 
>     Daniel-Constantin Mierla
>     http://www.asipto.com
>
>

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121105/27b40b12/attachment-0001.htm>