[Kamailio-Users] Problem with secure TLS call

Klaus Darilion klaus.mailinglists at pernau.at
Tue Mar 23 09:38:00 CET 2010


On 23.03.2010 06:08, Hemanshu Patel wrote:
> lolzzzz
>
> Till now I just tried registration with TLS; today after this mail I
> started testing INVITE and I also came across the same problem.
>
> Let me explain my case. I have got two Grandstream gvx3140 connected to
> Kamailio via TLS. Via UDP I have successfully tested calls between each
> other.
> Now when I try to call 1000 from 1001, it gives me a 404 error message.

404 or 477? There is a huge difference!

> Kamailio fails to send the INVITE message to user 1000. Is it possible that
> Kamailio is trying to forward the INVITE packet to the Contact address rather
> than the TCP connection which is already established between Kamailio and
> the Grandstream device?

Of course this will happen unless you use the add_contact_alias() and 
handle_ruri_alias() functions as stated in my other email.

btw: Have you tested SIP over TCP? If TCP works, TLS will work too. If
TCP does not work, TLS will also not work.

klaus


>
>
> I am attaching the log file.
>
> A few things are like:
>
> Mar 23 10:33:43 [2335] DBG:core:tcp_send: after write: c= 0x7f35bdfad988
> n=-1 fd=9
> Mar 23 10:33:43 [2341] DBG:core:io_watch_del: io_watch_del (0x74efe0, 19,
> -1, 0x10) fd_no=2 called
> Mar 23 10:33:43 [2335] DBG:core:tcp_send: buf=
> INVITE sip:1000@172.16.17.81:15099;transport=tls;user=phone SIP/2.0
> Record-Route:<sip:172.16.16.218:5091;transport=tls;r2=on;lr=on>
> Record-Route:<sip:172.16.16.218:5090;r2=on;lr=on>
> Via: SIP/2.0/TLS 172.16.16.218:5091;branch=z9hG4bK00843d58
> Via: SIP/2.0/UDP
> 172.16.16.218:5070;received=172.16.16.218;branch=z9hG4bK00843d58;rport=5070
> From: "1001"<sip:1001@172.16.16.218:5070>;tag=as60af855f
> To:<sip:1000@172.16.16.218:5090>
> Contact:<sip:1001@172.16.16.218:5070>
> Call-ID: 15b634d06c6e5d2d63b71fe123c3c640@172.16.16.218
> CSeq: 102 INVITE
> User-Agent: PANTHER-SC
> Max-Forwards: 69
> Date: Tue, 23 Mar 2010 05:03:43 GMT
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> Supported: replaces
> Content-Type: application/sdp
> Content-Length: 580
>
> v=0
> o=root 2126 2126 IN IP4 172.16.16.218
> s=session
> c=IN IP4 172.16.16.218
> t=0 0
> m=audio 11262 RTP/SAVP 0 18 8 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:18 G729/8000
> a=fmtp:18 annexb=no
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=silenceSupp:off - - - -
> a=ptime:20
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:2FXsAoBFaNzqIwXcyo8EwI81slJDnNpoA6+PkJFY
> a=sendrecv
> m=video 17638 RTP/SAVP 99
> a=rtpmap:99 H264/90000
> a=fmtp:99 profile-level-id=42800d
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:WNjW7f5hxaItleUZMNPv/Ni1ZNQ7A9i4AUhHBBxI
> a=sendrecv
>
> Mar 23 10:33:43 [2341] DBG:core:release_tcpconn:  releasing con
> 0x7f35bdfad988, state -2, fd=19, id=41
> Mar 23 10:33:43 [2335] ERROR:core:tcp_send: failed to send
> Mar 23 10:33:43 [2341] DBG:core:release_tcpconn:  extra_data 0x7f35bdf5d490
> Mar 23 10:33:43 [2335] ERROR:core:msg_send: tcp_send failed
> Mar 23 10:33:43 [2344] DBG:core:handle_ser_child: read response=
> 7f35bdfad988, -2, fd -1 from 2 (2335)
> Mar 23 10:33:43 [2344] DBG:core:tcpconn_destroy: delaying (0x7f35bdfad988,
> flags 0002) ...
> Mar 23 10:33:43 [2335] DBG:sl:sl_reply_error: error text is Send failed
> (477/SL)
> Mar 23 10:33:43 [2344] DBG:core:handle_tcp_child: reader response=
> 7f35bdfad988, -2 from 1
> Mar 23 10:33:43 [2344] DBG:core:tcpconn_destroy: destroying connection
> 0x7f35bdfad988, flags 0002
> Mar 23 10:33:43 [2344] DBG:core:tls_close: closing SSL connection
> Mar 23 10:33:43 [2335] DBG:core:parse_headers: flags=ffffffffffffffff
> Mar 23 10:33:43 [2335] DBG:core:get_hdr_field: found end of header
> Mar 23 10:33:43 [2344] DBG:core:tls_update_fd: New fd is 24
> Mar 23 10:33:43 [2344] DBG:core:tls_shutdown: shutdown successful
> Mar 23 10:33:43 [2335] DBG:core:check_via_address: params 172.
>
>
>
> Check where it says tcp_send failed.
>
> I have configured the TLS section in my Kamailio like below:
>
> disable_tls = no
> listen = tls:172.16.16.218:5091
> tls_verify_server = 1
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate = "/data/hemanshu/install/kama/etc/kamailio/tls/user/user-cert.pem"
> tls_private_key = "/data/hemanshu/install/kama/etc/kamailio/tls/user/user-privkey.pem"
> tls_ca_list = "/data/hemanshu/install/kama/etc/kamailio/tls/user/user-calist.pem"
>
>
> Please let me know if I am making any mistake in the configuration or
> anything else?
>


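The "404 or 477?" question can be answered from the quoted debug log itself. The following Python triage script is an added example, not part of the original thread and not Kamailio code: it rejoins the wrapped log lines and ties the failed tcp_send in one worker process to the request being sent and the stateless reply generated. The function names and the embedded excerpt (taken from the log quoted above) are choices made for this example.

```python
import re

# Constructed excerpt of the debug log quoted above, in list-archive form:
# ">" quoting, wrapped lines, and "@" shown as " at ".
SAMPLE = """\
> Mar 23 10:33:43 [2335] DBG:core:tcp_send: after write: c= 0x7f35bdfad988
> n=-1 fd=9
> Mar 23 10:33:43 [2341] DBG:core:io_watch_del: io_watch_del (0x74efe0, 19,
> -1, 0x10) fd_no=2 called
> Mar 23 10:33:43 [2335] DBG:core:tcp_send: buf=
> INVITE sip:1000 at 172.16.17.81:15099;transport=tls;user=phone SIP/2.0
> Via: SIP/2.0/TLS 172.16.16.218:5091;branch=z9hG4bK00843d58
> Mar 23 10:33:43 [2335] ERROR:core:tcp_send: failed to send
> Mar 23 10:33:43 [2335] ERROR:core:msg_send: tcp_send failed
> Mar 23 10:33:43 [2335] DBG:sl:sl_reply_error: error text is Send failed
> (477/SL)
"""

ENTRY = re.compile(r"^\w{3} +\d+ [\d:]+ \[(\d+)\] (\w+):\w+:(\w+): ?(.*)$")

def entries(text):
    """Yield [pid, level, function, message], rejoining wrapped lines."""
    cur = None
    for raw in text.splitlines():
        line = re.sub(r"^> ?", "", raw).strip()  # drop e-mail quoting
        m = ENTRY.match(line)
        if m:
            if cur:
                yield cur
            cur = [int(m.group(1)), m.group(2), m.group(3), m.group(4)]
        elif cur and line:
            cur[3] += " " + line  # continuation of the previous entry
    if cur:
        yield cur

def triage(text):
    """Per worker PID: failed write, request being sent, reply generated."""
    out = {}
    for pid, level, func, msg in entries(text):
        st = out.setdefault(pid, {})
        if func == "tcp_send" and (m := re.search(r"^after write.*\bn=(-?\d+)", msg)):
            st["write_result"] = int(m.group(1))
        elif func == "tcp_send" and (m := re.match(r"buf= (\w+) (.+?) SIP/2\.0", msg)):
            st["method"], st["ruri"] = m.group(1), m.group(2).replace(" at ", "@")
        elif func == "tcp_send" and level == "ERROR":
            st["send_failed"] = True
        elif func == "sl_reply_error" and (m := re.search(r"\((\d{3})/SL\)", msg)):
            st["reply_code"] = int(m.group(1))
    return {pid: st for pid, st in out.items() if st.get("send_failed")}
```

Calling `triage(SAMPLE)` reports only PID 2335, whose INVITE toward the contact address failed on write and produced a 477 reply; PID 2341 is interleaved in the log but belongs to a different worker and is filtered out.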
