Re: [Users] Allow only TLS connections

>> Hello, >> >> On 04/13/06 11:52, Christoph Fürstaller wrote: >> >> Hi, >> >> I tried that out. I check if proto is TLS: >> if (proto != TLS) { >> sl_send_reply("403", "Forbidden"); >> exit; >> }; >> >> But I get this error: >> 3(28893) ERROR:tm:add_uac: can't fwd to af 2, proto 1 (no >> corresponding listening socket) >> 3(28893) ERROR:tm:t_forward_nonack: failure to add branches >> 3(28893) ERROR:tm:t_relay_to: t_forward_nonack returned error >> >> What does it mean? What I'm doing wrong? >> My SER is only listening on tls port 5061. Do I still have to open udp >> 5060 ? >> >> >> >> >>> it seems that you try to forward on UDP. >>> >>>

>>> You can configure openser to >>> listen on UDP as well, and drop messages coming on UDP, if you want to >>> accept only TLS. (as you have in above snippet). If all peers you >>> connect to support TLS, then you can forse sending over TLS all the >>> time. >>> Cheers, >>> Daniel >>> >>>

>> Cesc wrote: >> >> >> >> >> >>>>> http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=… >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 4/11/06, Thorsten.Haupt(a)t-systems.com >>>>> <Thorsten.Haupt(a)t-systems.com> wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> I searched for this function, but I didn't found it :-( >>>>>> Knows anyone the correct code, not only pseudo-code? >>>>>> >>>>>> Torsten >>>>>> >>>>>> -----Ursprüngliche Nachricht----- >>>>>> Von: Cesc [mailto:cesc.santa@gmail.com] >>>>>> Gesendet: Dienstag, 11. April 2006 14:03 >>>>>> An: Haupt, Thorsten >>>>>> Cc: users(a)openser.org >>>>>> Betreff: Re: [Users] Allow only TLS connections >>>>>> >>>>>> I think in openser there is a function to check what transport the >>>>>> message came in ... you can do something like: >>>>>> if ( transport != TLS ) { >>>>>> send error to UA >>>>>> break; >>>>>> } >>>>>> >>>>>> Cesc >>>>>> >>>>>> On 4/11/06, Thorsten.Haupt(a)t-systems.com >>>>>> <Thorsten.Haupt(a)t-systems.com> wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I use OpenSER in a testing environment for VoIP security. My >>>>>>> clients >>>>>>> connect via TLS. If I deactivate UDP/5060 on the server, it doesn't >>>>>>> work correct. >>>>>>> Some Clients can't connect and others can't establish calls. I >>>>>>> read in >>>>>>> another thread, that UDP is mandatory for SIP and that the server >>>>>>> need it. >>>>>>> >>>>>>> But how can I prevent users from connecting via UDP and force >>>>>>> them to >>>>>>> use TLS? I tried a firewall, blocking UDP and TCP on port 5060. >>>>>>> But is >>>>>>> this the correct way? Are there any parameters server-side to force >>>>>>> users to connect via TLS? >>>>>>> >>>>>>> Thanks for response. >>>>>>> Torsten >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users(a)openser.org >>>>>>> http://openser.org/cgi-bin/mailman/listinfo/users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users(a)openser.org >>>>>> http://openser.org/cgi-bin/mailman/listinfo/users >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users(a)openser.org >>>>> http://openser.org/cgi-bin/mailman/listinfo/users >>>>> >>>>>