[SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio
Carlos Mestanza T.
mestacart at gmail.com
Thu Jan 7 21:41:44 CET 2021
I am a friend of Willy and we are doing this integration, today I create
wildcard certificates in letsencrypt, for this use acme.sh and integrate it
with the DNS CLOUDNS provider, the certificates were generated
successfully, we replace the old ones, in the LOGs it gives us
understanding q accept the certificates.
[image: image.png]
[image: image.png]
But he has the same messages.
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1)
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.7.24
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 8:08, <rob.van.den.bulk at gmail.com> escribió:
> I Used this tls.cfg
>
>
>
> Use bc2025.pem as extra, Microsoft needs this…
>
>
>
> And works fine on different Kamailio-msteams sbcs
>
>
>
>
>
> [server:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
>
> certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
>
> ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
>
> server_name = sbc.combivoipdom.nl
>
>
>
> [client:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
>
> certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
>
> ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
>
>
>
>
>
>
>
> Cheers Rob
>
>
>
> *Van:* sr-users <sr-users-bounces at lists.kamailio.org> *Namens *Daniel-Constantin
> Mierla
> *Verzonden:* donderdag 7 januari 2021 08:53
> *Aan:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>;
> Willy Valles Rios <willyvalles17 at gmail.com>
> *CC:* Carlos Mestanza T. <mestacart at gmail.com>
> *Onderwerp:* Re: [SR-Users] Problems establishing SIP signaling between
> MsTeams and Kamailio
>
>
>
> Does this happen when Kamailio connects to MS Teams? The logs indicate the
> received TLS certificate is not trusted:
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
>
>
> You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide
> more hints. For me it worked fine with Letsencrypt certs in Kamailio and
> accepting what ever MS sent back. I used Debian 10 and libssl 1.1.
>
>
>
> Cheers,
> Daniel
>
>
>
> On 06.01.21 21:47, Willy Valles Rios wrote:
>
> Hello community,
>
>
>
> I am having trouble establishing SIP signaling between MsTeams and
> Kamailio. I currently have this configuration in my tls.cfg file
>
>
>
> [server: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
>
> [client: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
>
> My domain was certified with ssl through an authoritative certifier
> (GoDaddy), however I see these errors in the / var / log / messages of the
> Kamailio server.
>
>
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:389]: mod_init(): With ECDH-Support!
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:392]: mod_init(): With Diffie Hellman
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
> compression: on
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
> compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
> -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
> -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
> -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> -DECP_NISTZ256_ASM
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
> [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
> low memory) workaround enabled (on low memory tls operations will fail
> preemptively) with free memory thresholds 13107200 and 6553600 bytes
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
> changed to 13107200
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
> changed to 6553600
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
> size: 4194304
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
> 212992
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
> 425984
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
> [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
> handler for socket [:0], server_name='' ...
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
> certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
> certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
> [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
> [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
> watch method (config)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
>
>
> Could you help me identify the problem please.
>
>
>
> Cheers
>
>
>
> Saludos Cordiales
>
> --
>
> *Willy Valles Rios*
>
> *Unified Communications Specialist*
>
>
>
> phone: +51955747343
>
> em at il: willyvalles17 at gmail.com
>
>
>
> _______________________________________________
>
> Kamailio (SER) - Users Mailing List
>
> sr-users at lists.kamailio.org
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
>
> Daniel-Constantin Mierla -- www.asipto.com
>
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>
> Funding: https://www.paypal.me/dcmierla
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210107/bb92c4ae/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 5460 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210107/bb92c4ae/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 6528 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210107/bb92c4ae/attachment-0003.png>
More information about the sr-users
mailing list