[SR-Users] dispatcher and TLS targets

Karsten Horsmann khorsmann at gmail.com
Mon Jun 17 19:10:18 CEST 2019


Hi all,

I am trying to configure Kamailio 5.2.3 [2], based on the SBC OS config [1],
with dispatcher and rtpengine.
I used transport=tcp to see the plain traffic and then switched to TLS
(with tls.cfg, valid certificate and stuff).

After starting up, the target is marked as "down".
Due to the encryption it's hard to debug that.
Any hints? Did I make a mistake in the configuration?

TLS calls from the target to my Kamailio proxy work. So it's "half broken"
:) at the moment.

[1]
https://github.com/voiceboys/sbcOS/blob/master/SbcOS/configs/voice/kamailio/kamailio.cfg


[2]
kamailio -v
version: kamailio 5.2.3 (x86_64/linux) c36229
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024,
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: c36229
compiled on 11:28:11 May 22 2019 with gcc 4.8.5


-- %< --------------------- kamctl dispatcher dump
        "SET":  {
          "ID": 1004,
          "TARGETS":  [{
              "DEST": {
                "URI":  "sip:sip101.example.de;transport=tls",
                "FLAGS":  "TP",
                "PRIORITY": 0,
                "ATTRS":  {
                  "BODY":
"access=212.xx.xx.xx:5061;socket=tls:212.xx.xx.xx:5061;weight=100;ping_from=sip:
mykamailio.example.de",
                  "DUID": "",
                  "MAXLOAD":  0,
                  "WEIGHT": 100,
                  "RWEIGHT":  0,
                  "SOCKET": "tls:212.xx.xx.xx:5061"
                },
                "LATENCY":  {
                  "AVG":  30000,
                  "STD":  0,
                  "EST":  30000,
                  "MAX":  30000,
                  "TIMEOUT":  1
                }
              }
            }]
        }
      },
-- %< --------------------- kamctl dispatcher dump

 WARNING: <script>: Destination down: OPTIONS
ru=sip101.example.de;transport=tls
du=<null>


-- %< --------------------- tls.cfg
[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/mykamailio.example.de.pem
certificate = /etc/pki/tls/private/mykamailio.example.de.pem
server_name = mykamailio.example.de

[server:212.xx.xx.xx:5061]
method = TLSv1+
verify_certificate = no
require_certificate = no

private_key = /etc/pki/tls/private/mykamailio.example.de.pem
certificate = /etc/pki/tls/private/mykamailio.example.de.pem
server_name = mykamailio.example.de

# This is the default client domain, settings
# in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present valid certificate.
#

[client: 212.xx.xx.xx:5061]
method = TLSv1+
verify_certificate = no
require_certificate = no

private_key = /etc/pki/tls/private/mykamailio.example.de.pem
certificate = /etc/pki/tls/private/mykamailio.example.de.pem
server_name = mykamailio.example.de

[client:default]
verify_certificate = no
require_certificate = no

-- %< --------------------- tls.cfg

Cheers Karsten

-- 
Kind regards
*Karsten Horsmann*