[Users] Registration of Polycom SoundPointIP phone with OpenSER

Gregoire mlgg at hispeed.ch
Mon Oct 16 15:30:34 CEST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!
I saw that you use SSLv23, did you try to force TLSv1?
That might be a solution...
jeevan ravula wrote:
> Hi Greg, I am sending my openser.cfg. Pls check it.I am able to
> register( without tls) with polycom phones.
>
> Regards, jeevan
>
> ---------- Forwarded message ---------- From: Gregoire
> <mlgg at hispeed.ch> Date: Oct 16, 2006 4:24 PM Subject: Re: [Users]
> Registration of Polycom SoundPointIP phone with OpenSER To: jeevan
> ravula <jeevanravula at gmail.com> Cc: users at openser.org
>
> Hi! Could you send your configuration file? Have you check your log
> on the server? If you disable TLS, does it work?
>
> Regards
>
> Greg
>
> jeevan ravula wrote:
>>> Hi Gregoire, Thank you for your help.My certificate has
>>> validity period of 1 year.I have some interesting observations
>>> to share
>>>
>>> from what you said the clock wasn't the same for openser and
>>> polycom phone.Ihave set the clock of both openser and polycom
>>> phone to same.
>>>
>>> The polycom phone got registered to openser.
>>>
>>> Now I tried communicating b/w two polycom phones via
>>> openser(with TLS support).The call gets established
>>> randomly.Initially it was only in one direction but once
>>> managed to establish in other direction.
>>>
>>> But once the phone gets registered to openser proxy,the time
>>> clock aspect is getting irrelavant.Because each time I boot
>>> from boot server the clock time changes to default settings but
>>> still manages to register with openser.
>>>
>>> Even though both the polycom phones(soundpointIp 430) are
>>> register.I am unable to establish communication b/w them.The
>>> calling party call doesn't get forwarded to the callee.I am
>>> unable to understand the reason.Can you explain me if possible?
>>>
>>>
>>> Thanks, Jeevan.
>>>
>>>
>>>
>>>
>>> On 10/15/06, Gregoire <mlgg at hispeed.ch> wrote:
>>>>
>>>> Hi! Have you check the validity of the certificate? When it
>>>> begins, when it ends?Are the clock from Openser and the
>>>> client the same or are they different from any hours?What
>>>> ssldump give you as output?
>>>>
>>>> Regards
>>>>
>>>> Greg jeevan ravula wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I am using Polycom SoundPointIP phone as User Agent.I want
>>>>> to
>>>> register
>>>>> Polycom phone with OpenSER(with TLS support) server.Can
>>>>> anybody help me out in this regard?
>>>>>
>>>>> I have generated my rootCA and given to polycom phone.The
>>>>> polycom phone does not accept certificate from openser
>>>>> server side.It shows bad certificate.
>>>>>
>>>>> anybody who has used polycom phone earlier can help me out
>>>>> in this matter.I shall be greatful to them
>>>>>
>>>>> Regards, Jeevan.
>>>>>
>>>>>
> ------------------------------------------------------------------------
>
>>>>>
>>>>>
>>>>
>>>>>
>>>>> _______________________________________________ Users
>>>>> mailing list Users at openser.org
>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>>
>
>
> ----------------------------------------------------------------------
>
>
> # # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $ #
>  # simple quick-start config script #
>
> # ----------- global configuration parameters
> ------------------------
>
> debug=3            # debug level (cmd line: -dddddddddd) fork=yes
> log_stderror=yes    # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode #fork=no
> #log_stderror=yes */
>
> check_via=no    # (cmd. line: -v) dns=no          # (cmd. line: -r)
>  rev_dns=no      # (cmd. line: -R) listen = 172.21.67.46 # Add by
> Mohit on 7 Sep port=5060 children=4 fifo="/tmp/openser_fifo"
>
> # # uncomment the following lines for TLS support disable_tls = 0
> listen = tls:172.21.67.46:5061 tls_verify = 1
> tls_require_certificate = 0 tls_method =SSLv23 #TLSv1
> tls_certificate =
> "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-cert.pem"
>  tls_private_key =
> "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-privkey.pem"
>  tls_ca_list =
> "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-calist.pem"
>  tls_handshake_timeout=119 tls_ciphers_list=
> "ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5"
>  #"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA" tls_send_timeout=121 #
> ------------------ module loading
> ----------------------------------
>
> # Uncomment this if you want to use SQL database #loadmodule
> "/usr/local/lib/openser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule
> "/usr/local/lib/openser/modules/tm.so" loadmodule
> "/usr/local/lib/openser/modules/rr.so" loadmodule
> "/usr/local/lib/openser/modules/maxfwd.so" loadmodule
> "/usr/local/lib/openser/modules/usrloc.so" loadmodule
> "/usr/local/lib/openser/modules/registrar.so" loadmodule
> "/usr/local/lib/openser/modules/textops.so"
>
> # Uncomment this if you want digest authentication # mysql.so must
> be loaded ! #loadmodule "/usr/local/lib/openser/modules/auth.so"
> #loadmodule "/usr/local/lib/openser/modules/auth_db.so"
>
> # ----------------- setting module-specific parameters
> ---------------
>
> # -- usrloc params --
>
> modparam("usrloc", "db_mode",   0)
>
> # Uncomment this if you want to use SQL database # for persistent
> storage and comment the previous line #modparam("usrloc",
> "db_mode", 2)
>
> # -- auth params -- # Uncomment if you are using auth module #
> #modparam("auth_db", "calculate_ha1", yes) # # If you set
> "calculate_ha1" parameter to yes (which true in this config), #
> uncomment also the following parameter) # #modparam("auth_db",
> "password_column", "password")
>
> # -- rr params -- # add value to ;lr param to make some broken UAs
> happy #modparam("rr", "enable_full_lr", 1)
>
> # -------------------------  request routing logic
> -------------------
>
> # main routing logic
>
> route{
>
> # initial sanity checks -- messages with # max_forwards==0, or
> excessively long requests if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops"); exit; };
>
> if (msg:len >=  2048 ) { sl_send_reply("513", "Message too big");
> exit; };
>
> # we record-route all messages -- to make sure that # subsequent
> messages will go through our proxy; that's # particularly good if
> upstream and downstream entities # use different transport protocol
>  if (!method=="REGISTER") record_route();
>
> # subsequent messages withing a dialog should take the # path
> determined by record-routing if (loose_route()) { # mark routing
> logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); };
>
>
> if (!uri==myself) { # mark routing logic in request
> append_hf("P-hint: outbound\r\n"); # if you have some interdomain
> connections via TLS #if(uri=~"@tls_domain1.net") { #
> t_relay_to_tls("IP_domain1","port_domain1"); #    exit; #} else
> if(uri=~"@tls_domain2.net") { #
> t_relay_to_tls("IP_domain2","port_domain2"); #    exit; #}
> route(1); };
>
> # if the request is for other domain use UsrLoc # (in case, it does
> not work, use the following command # with proper names and
> addresses in it) if (uri==myself) {
>
> if (method=="REGISTER") {
>
> # Uncomment this if you want to use digest authentication #if
> (!www_authorize("openser.org", "subscriber")) {
> #www_challenge("openser.org", "0"); #exit; #};
>
> save("location"); exit; };
>
> lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound
> alias\r\n"); route(1); };
>
> # native SIP destinations are handled using our USRLOC DB if
> (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; };
>  append_hf("P-hint: usrloc applied\r\n"); };
>
> route(1); }
>
>
> route[1] { # send it out now; use stateful forwarding as it works
> reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); };
> exit; }
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFM4l5I8gmGeMTr0sRAhiwAJ4jEjVdIqllX0si+2I2P58O6jeAZgCfRC4C
MQrEK8DCS25Xn31UrPeZdy8=
=7Tjp
-----END PGP SIGNATURE-----

More information about the Users mailing list