[Spce-user] peer using TLS

Daniel Grotti dgrotti at sipwise.com
Fri Apr 10 04:27:00 EDT 2015


The reason is the TLS: you don't see the encrypted message if you make a SIP trace.
Please check the kamailio-lb.log to see the message relayed to the
provider in TLS.




Daniel Grotti
VoIP Engineer


Sipwise GmbH
Europaring F15 | 2345 Brunn am Gebirge, Austria | www.sipwise.com

On 04/10/2015 10:22 AM, Mykola Zaika wrote:
> Hello,
> In peer settings, I have selected protocol TLS and port 5061. All my
> outgoing packets go inside SipWise (127.0.0.1:5080 -> 127.0.0.1:5060). I
> can't see any SIP packet from SipWise to provider. What can be the
> reason of it?
> When I use protocol UDP, I see outgoing packets to provider.
> 
> U 2015/04/10 11:10:52.712509 127.0.0.1:5080 -> 127.0.0.1:5060
> INVITE sip:0662823314@212.58.166.54 SIP/2.0'
> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bKh2LzzaJ0;rport'
> From: <sip:0931700226@212.58.166.54>;tag=28CC80E6-5527858C000ADDA5-3C2C2700'
> To: <sip:0662823314@212.58.166.54>'
> CSeq: 10 INVITE'
> Call-ID: 62ad049116741ff406d5988162f6267d@10.200.10.15_b2b-1'
> Route:
> <sip:127.0.0.1:5060;received='sip:212.58.166.54:5061;lr;transport=tls';lr>'
> Max-Forwards: 70'
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, SUBSCRIBE, NOTIFY, PUBLISH'
> Supported: replaces'
> P-D-Uri:
> sip:127.0.0.1:5060;received='sip:212.58.166.54:5061;lr;transport=tls''
> Content-Type: application/sdp'
> Contact: <sip:127.0.0.1:5080;transport=udp>'
> Content-Length: 304'
> '
> v=0'
> o=root 1014308804 1014308805 IN IP4 93.178.252.43'
> s=A'
> c=IN IP4 93.178.252.43'
> t=0 0'
> m=audio 34318 RTP/AVP 0 8 101'
> a=rtpmap:0 PCMU/8000'
> a=rtpmap:8 PCMA/8000'
> a=rtpmap:101 telephone-event/8000'
> a=fmtp:101 0-16'
> a=sendrecv'
> a=silenceSupp:off - - - -'
> a=ptime:20'
> a=rtcp:34319'
> a=direction:active'
> 
> 
> -- 
> Best regards,
> Mykola Zaika
> VoIPTime company,
> Tel: +380 32 2328022
> mzaika at voiptime.net
> www.voiptime.net
> 
> 2015-04-07 17:31 GMT+03:00 Mykola Zaika <mzaika at voiptime.net>:
> 
>     I have done it.
> 
>     how about
>     tlscafile=/etc/asterisk/certificate/ca.pem
>     tlscertfile=/etc/asterisk/certificate/asterisk.pem
> 
>     I found this in /etc/kamailio/tls.cfg. Am I right?
> 
>     -- 
>     Best regards,
>     Mykola Zaika
>     VoIPTime company,
>     Tel: +380 32 2328022
>     mzaika at voiptime.net
>     www.voiptime.net
> 
>     2015-04-07 17:25 GMT+03:00 Daniel Grotti <dgrotti at sipwise.com>:
> 
>         Hi,
>         in the peering server configuration, you can select the protocol you
>         want to use for the interconnection.
> 
> 
>         Regards,
> 
> 
>         Daniel Grotti
>         VoIP Engineer
> 
> 
>         Sipwise GmbH
>         Europaring F15 | 2345 Brunn am Gebirge, Austria | www.sipwise.com
> 
>         On 04/07/2015 04:20 PM, Mykola Zaika wrote:
>         > Hello,
>         >
>         > How can I set up a peer with protocol TLS? Can someone share his experience?
>         >
>         >
>         > Config from Asterisk works:
>         >
>         > [general]
>         >
>         > tlsenable=yes
>         >
>         > tlsbindaddr=client.wan.ip.addr
>         >
>         > tlscafile=/etc/asterisk/certificate/ca.pem
>         >
>         > tlscertfile=/etc/asterisk/certificate/asterisk.pem
>         >
>         > tlscipher=DES-CBC3-SHA
>         >
>         > tlsclientmethod=tlsv1
>         >
>         > tlsdontverifyserver=no
>         >
>         >
>         > register=> tls://044232XXXX:verysecretpass@212.58.166.54:5061/044232XXXX
>         >
>         >
>         > [044232XXXX]
>         >
>         > type=friend
>         >
>         > username=044232XXXX
>         >
>         > secret=verysecretpass
>         >
>         > host=212.58.166.54
>         >
>         > port=5061
>         >
>         > fromuser=044232XXXX ;
>         >
>         > transport=tls
>         >
>         > encryption=yes
>         >
>         > context=incoming
>         >
>         > disallow=all
>         >
>         > allow=ulaw
>         >
>         > allow=alaw
>         >
>         >
>         >
>         >
>         >
> 
> 
> 
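As an added example (not part of the original thread, and not Sipwise code): a small parser that reads an internal-leg INVITE like the one quoted above and reports where the message is relayed next and whether a plaintext SIP trace can show that leg. It assumes, as the quoted trace suggests, that the `received='...'` parameter in `Route` and `P-D-Uri` names the outbound next hop; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: headers from the INVITE quoted in the thread, with the
# sniffer's trailing quote marks and the archive's link markup removed.
SAMPLE_INVITE = """\
INVITE sip:0662823314@212.58.166.54 SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bKh2LzzaJ0;rport
Route: <sip:127.0.0.1:5060;received='sip:212.58.166.54:5061;lr;transport=tls';lr>
P-D-Uri: sip:127.0.0.1:5060;received='sip:212.58.166.54:5061;lr;transport=tls'
Contact: <sip:127.0.0.1:5080;transport=udp>
"""

HEADERS = ("route", "p-d-uri")
# host (IPv4, name or bracketed IPv6), optional port, remaining URI parameters
RECEIVED = re.compile(
    r"received='sips?:(\[[^\]]+\]|[^;:'\[]+)(?::(\d+))?([^']*)'", re.I)


def relay_targets(message):
    """Return unique (host, port, transport) next hops named in received='...'."""
    targets = []
    for line in message.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in HEADERS:
            continue
        for host, port, params in RECEIVED.findall(value):
            m = re.search(r";transport=([A-Za-z]+)", params)
            transport = m.group(1).lower() if m else "udp"
            default_port = 5061 if transport == "tls" else 5060
            target = (host, int(port) if port else default_port, transport)
            if target not in targets:
                targets.append(target)
    return targets


def readable_in_sip_trace(target):
    """A text-matching SIP trace only shows legs that are not TLS-encrypted."""
    return target[2] != "tls"


def capture_filter(target):
    """pcap filter for the leg; for TLS it shows the TCP/TLS session, not SIP text."""
    host, port, transport = target
    proto = "udp" if transport == "udp" else "tcp"
    return f"{proto} and host {host} and port {port}"


if __name__ == "__main__":
    for t in relay_targets(SAMPLE_INVITE):
        print(t, "readable:", readable_in_sip_trace(t), "filter:", capture_filter(t))
```

For the quoted INVITE the only next hop is the provider on port 5061 over TLS, so the capture filter will show a TCP session carrying TLS records while the SIP text itself appears only in the load balancer's log.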


