[Spce-user] peer using TLS

Mykola Zaika mzaika at voiptime.net
Fri Apr 10 06:04:23 EDT 2015


Thank You, Daniel.

Everything works.

-- 
З повагою,
Микола Заїка
Компанія VoIPTime,
Тел: +380 32 2328022
mzaika at voiptime.net
www.voiptime.net

2015-04-10 11:27 GMT+03:00 Daniel Grotti <dgrotti at sipwise.com>:

> Reason it the TLS, you don't see encrypted message if you make a sip trace.
> Please check the kamailio-lb.log to see the message relayed to the
> provider in tls.
>
>
>
>
> Daniel Grotti
> VoIP Engineer
>
>
> Sipwise GmbH
> Europaring F15 | 2345 Brunn am Gebirge, Austria | www.sipwise.com
>
> On 04/10/2015 10:22 AM, Mykola Zaika wrote:
> > Hello,
> > In peer settings, I have selected protocol TLS and port 5061. All my
> > outgoing packets go inside SipWise (127.0.0.1:5080
> > <http://127.0.0.1:5080> -> 127.0.0.1:5060 <http://127.0.0.1:5060>). I
> > can`t see any SIp packet from SipWise to provider. What can be the
> > reason of it ?
> > When I use protocol UDP, I see outgoing packets to provider.
> >
> > U 2015/04/10 11:10:52.712509 127.0.0.1:5080 <http://127.0.0.1:5080> ->
> > 127.0.0.1:5060 <http://127.0.0.1:5060>
> > INVITE sip:0662823314 at 212.58.166.54
> > <mailto:sip%3A0662823314 at 212.58.166.54> SIP/2.0'
> > Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bKh2LzzaJ0;rport'
> > From: <sip:0931700226 at 212.58.166.54
> > <mailto:sip%3A0931700226 at 212.58.166.54
> >>;tag=28CC80E6-5527858C000ADDA5-3C2C2700'
> > To: <sip:0662823314 at 212.58.166.54 <mailto:sip%3A0662823314 at 212.58.166.54
> >>'
> > CSeq: 10 INVITE'
> > Call-ID: 62ad049116741ff406d5988162f6267d at 10.200.10.15_b2b-1'
> > Route:
> > <sip:127.0.0.1:5060;received='sip:212.58.166.54
> :5061;lr;transport=tls';lr>'
> > Max-Forwards: 70'
> > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, SUBSCRIBE, NOTIFY, PUBLISH'
> > Supported: replaces'
> > P-D-Uri:
> > sip:127.0.0.1:5060;received='sip:212.58.166.54:5061;lr;transport=tls''
> > Content-Type: application/sdp'
> > Contact: <sip:127.0.0.1:5080;transport=udp>'
> > Content-Length: 304'
> > '
> > v=0'
> > o=root 1014308804 1014308805 IN IP4 93.178.252.43'
> > s=A'
> > c=IN IP4 93.178.252.43'
> > t=0 0'
> > m=audio 34318 RTP/AVP 0 8 101'
> > a=rtpmap:0 PCMU/8000'
> > a=rtpmap:8 PCMA/8000'
> > a=rtpmap:101 telephone-event/8000'
> > a=fmtp:101 0-16'
> > a=sendrecv'
> > a=silenceSupp:off - - - -'
> > a=ptime:20'
> > a=rtcp:34319'
> > a=direction:active'
> >
> >
> > --
> > З повагою,
> > Микола Заїка
> > Компанія VoIPTime,
> > Тел: +380 32 2328022 <tel:%2B380%2032%202328022>
> > mzaika at voiptime.net <mailto:mzaika at voiptime.net>
> > www.voiptime.net <http://www.voiptime.net>
> >
> > 2015-04-07 17:31 GMT+03:00 Mykola Zaika <mzaika at voiptime.net
> > <mailto:mzaika at voiptime.net>>:
> >
> >     I have done it.
> >
> >     how about
> >     tlscafile=/etc/asterisk/certificate/ca.pem
> >     tlscertfile=/etc/asterisk/certificate/asterisk.pem
> >
> >     I found this in /etc/kamailio/tls.cfg    Am I right ?
> >
> >     --
> >     З повагою,
> >     Микола Заїка
> >     Компанія VoIPTime,
> >     Тел: +380 32 2328022 <tel:%2B380%2032%202328022>
> >     mzaika at voiptime.net <mailto:mzaika at voiptime.net>
> >     www.voiptime.net <http://www.voiptime.net>
> >
> >     2015-04-07 17:25 GMT+03:00 Daniel Grotti <dgrotti at sipwise.com
> >     <mailto:dgrotti at sipwise.com>>:
> >
> >         Hi,
> >         in the peering server configuration, you can select the protocol
> you
> >         want to use for the interconnection.
> >
> >
> >         Regards,
> >
> >
> >         Daniel Grotti
> >         VoIP Engineer
> >
> >
> >         Sipwise GmbH
> >         Europaring F15 | 2345 Brunn am Gebirge, Austria |
> >         www.sipwise.com <http://www.sipwise.com>
> >
> >         On 04/07/2015 04:20 PM, Mykola Zaika wrote:
> >         > Hello,
> >         >
> >         > How can I setup peer with protocol TLS ?  Can someone share
> his experience ?
> >         >
> >         >
> >         > Config from Asterisk works:
> >         >
> >         > [general]
> >         >
> >         > tlsenable=yes
> >         >
> >         > tlsbindaddr=client.wan.ip.addr
> >         >
> >         > tlscafile=/etc/asterisk/certificate/ca.pem
> >         >
> >         > tlscertfile=/etc/asterisk/certificate/asterisk.pem
> >         >
> >         > tlscipher=DES-CBC3-SHA
> >         >
> >         > tlsclientmethod=tlsv1
> >         >
> >         > tlsdontverifyserver=no
> >         >
> >         >
> >         > register=> tls://044232XXXX:verysecretpass@212.58.166.54:5061
> >         <http://044232XXXX:verysecretpass@212.58.166.54:5061>
> >         > <http://212.58.166.54:5061>/044232XXXX
> >         >
> >         >
> >         > [044232XXXX]
> >         >
> >         > type=friend
> >         >
> >         > username=044232XXXX
> >         >
> >         > secret=verysecretpass
> >         >
> >         > host=212.58.166.54 <tel:212.58.166.54>
> >         >
> >         > port=5061
> >         >
> >         > fromuser=044232XXXX ;
> >         >
> >         > transport=tls
> >         >
> >         > encryption=yes
> >         >
> >         > context=incoming
> >         >
> >         > disallow=all
> >         >
> >         > allow=ulaw
> >         >
> >         > allow=alaw
> >         >
> >         >
> >         >
> >         >
> >         >
> >         > _______________________________________________
> >         > Spce-user mailing list
> >         > Spce-user at lists.sipwise.com <mailto:
> Spce-user at lists.sipwise.com>
> >         > https://lists.sipwise.com/listinfo/spce-user
> >         >
> >         _______________________________________________
> >         Spce-user mailing list
> >         Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
> >         https://lists.sipwise.com/listinfo/spce-user
> >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20150410/bc7de956/attachment-0001.html>


More information about the Spce-user mailing list