Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio

Hallo, warning from Microsoft is "normal" till the first calls are established. Sent from mobile, with due apologies for brevity and errors. Rob van den Bulk ________________________________ From: Carlos Mestanza T. &lt;mestacart(a)gmail.com&gt; Sent: Thursday, January 7, 2021 9:41:44 PM To: rob.van.den.bulk(a)gmail.com &lt;rob.van.den.bulk(a)gmail.com&gt; Cc: miconda(a)gmail.com &lt;miconda(a)gmail.com&gt;om>; Kamailio (SER) - Users Mailing List &lt;sr-users(a)lists.kamailio.org&gt; Subject: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio I am a friend of Willy and we are doing this integration, today I create wildcard certificates in letsencrypt, for this use acme.sh and integrate it with the DNS CLOUDNS provider, the certificates were generated successfully, we replace the old ones, in the LOGs it gives us understanding q accept the certificates. [image.png] [image.png] But he has the same messages. Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1) Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.7.24 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1) Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24 Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1) Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46 Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1) Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70 Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Atentamente Adalberto Carlos Mestanza T. El jue, 7 ene 2021 a las 8:08, <rob.van.den.bulk@gmail.com<mailto:rob.van.den.bulk@gmail.com>> escribió: I Used this tls.cfg Use bc2025.pem as extra, Microsoft needs this… And works fine on different Kamailio-msteams sbcs [server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem server_name = sbc.combivoipdom.nl<http://sbc.combivoipdom.nl> [client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem Cheers Rob Van: sr-users <sr-users-bounces@lists.kamailio.org<mailto:sr-users-bounces@lists.kamailio.org>> Namens Daniel-Constantin Mierla Verzonden: donderdag 7 januari 2021 08:53 Aan: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>>; Willy Valles Rios <willyvalles17@gmail.com<mailto:willyvalles17@gmail.com>> CC: Carlos Mestanza T. <mestacart@gmail.com<mailto:mestacart@gmail.com>> Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS certificate is not trusted: Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl 1.1. Cheers, Daniel On 06.01.21 21:47, Willy Valles Rios wrote: Hello community, I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently have this configuration in my tls.cfg file [server: default] method = TLSv1.2 + verify_certificate = yes require_certificate = yes private_key = /etc/kamailio/certificates/private-key.pem certificate = /etc/kamailio/certificates/certificate.pem [client: default] method = TLSv1.2 + verify_certificate = yes require_certificate = yes private_key = /etc/kamailio/certificates/private-key.pem certificate = /etc/kamailio/certificates/certificate.pem My domain was certified with ssl through an authoritative certifier (GoDaddy), however I see these errors in the / var / log / messages of the Kamailio server. Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support! Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 13107200 and 6553600 bytes Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg size: 4194304 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially 212992 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs: certificate='/etc/kamailio/certificados/certificate.pem' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs: private_key='/etc/kamailio/certificados/private-key.pem' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='' ... Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid certificate Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc: certificate='/etc/kamailio/certificados/certificate.pem' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc: private_key='/etc/kamailio/certificados/private-key.pem' Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid certificate Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422 Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config) Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24 Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1) Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46 Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1) Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70 Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1) Could you help me identify the problem please. Cheers Saludos Cordiales -- Willy Valles Rios Unified Communications Specialist phone: +51955747343 em@il: willyvalles17@gmail.com<mailto:willyvalles17@gmail.com> _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com> www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda> Funding: https://www.paypal.me/dcmierla