[SR-Users] Strange TLS problem
Pete Kelly
pkelly at gmail.com
Wed Oct 14 16:43:12 CEST 2015
Thanks Daniel
for auto generated messages like dispatcher OPTIONS, would the message need
to be picked up in local route and the flags set?
On 14 October 2015 at 14:16, Daniel-Constantin Mierla <miconda at gmail.com>
wrote:
> Hello,
>
> I don't have the time to look at the code right now, but I remember that I
> still have to tune some matching there, because the local port allocated is
> random by the OS. One of the solutions was to set the server name in
> tls.cfg and then set it via xavp_cfg (see tls parameters) before relaying.
> Another one is to set the port to 0 in tls config, so the port is no longer
> matched.
>
> My plan was to enable matching the ip:port based on a value stored in
> xavp_cfg, but got distracted by other tasks and forgot about it.
>
> Cheers,
> Daniel
>
>
> On 14/10/15 12:40, Pete Kelly wrote:
>
> Hi
>
> I am trying to use the [client] directives in tls.cfg for the first time.
> For my configuration I need to connect to 2 servers, both via TLS and both
> using different certs.
>
> I have defined an entry in tls.cfg like
>
> [client:1.2.3.4:5061]
> [client:5.6.7.8:5071]
>
> and I also have an entry in dispatcher tables for each server using the
> URI format
>
> sip:1.2.3.4:5061;transport=tls
>
> With this configuration, I expect dispatcher to send OPTIONS to each
> server, and Kamailio to resolve the host in dispatcher to the correct
> client section of tls.cfg and negotiate a connection.
>
> However this is not happening. Dispatcher module is trying to send OPTIONS
> as expected, and it is using TLS as expected but it is not using the
> correct [client] section from tls.cfg. Instead it is always falling back to
> [client:default], and if that is not present it then tries to look for some
> internal Kamailio defaults.
>
> Has anyone come across this issue before? Debug logs don't yield anything
> useful, however my suspicion is that Kamailio may be trying to match
> "sip:1.2.3.4:5061;transport=tls" from dispatcher module to "1.2.3.4:5061"
> from tls.cfg.
>
> Any help or advice would be appreciated
>
> Regards
> Pete
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> --
> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151014/8a02c0a1/attachment.html>
More information about the sr-users
mailing list