Hi all,
i try to configure an SBC OS config [1] based kamailio 5.2.3 [2] with dispatcher and rtpengine. I used transport=tcp to see the plain traffic and then switched to TLS (with tls.cfg, valid certificate and stuff).
After starting up, the Target is marked as "down". Due the encryption its hard to debug that. Any hints? Did i made an mistake in the configuration?
TLS calls from the target to my kamailio proxy works. So its "half broken" :) at the moment.
[1] https://github.com/voiceboys/sbcOS/blob/master/SbcOS/configs/voice/kamailio/...
[2] kamailio -v version: kamailio 5.2.3 (x86_64/linux) c36229 flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: c36229 compiled on 11:28:11 May 22 2019 with gcc 4.8.5
-- %< --------------------- kamctl dispatcher dump "SET": { "ID": 1004, "TARGETS": [{ "DEST": { "URI": "sip:sip101.example.de;transport=tls", "FLAGS": "TP", "PRIORITY": 0, "ATTRS": { "BODY": "access=212.xx.xx.xx:5061;socket=tls:212.xx.xx.xx:5061;weight=100;ping_from=sip: mykamailio.example.de", "DUID": "", "MAXLOAD": 0, "WEIGHT": 100, "RWEIGHT": 0, "SOCKET": "tls:212.xx.xx.xx:5061" }, "LATENCY": { "AVG": 30000, "STD": 0, "EST": 30000, "MAX": 30000, "TIMEOUT": 1 } } }] } }, -- %< --------------------- kamctl dispatcher dump
WARNING: <script>: Destination down: OPTIONS ru=sip101.example.de;transport=tls du=<null>
-- %< --------------------- tls.cfg [server:default] method = TLSv1 verify_certificate = no require_certificate = no private_key = /etc/pki/tls/private/mykamailio.example.de.pem certificate = /etc/pki/tls/private/mykamailio.example.de.pem server_name = mykamailio.example.de
[server:212.xx.xx.xx:5061] method = TLSv1+ verify_certificate = no require_certificate = no
private_key = /etc/pki/tls/private/mykamailio.example.de.pem certificate = /etc/pki/tls/private/mykamailio.example.de.pem server_name = mykamailio.example.de
# This is the default client domain, settings # in this domain will be used for all outgoing # TLS connections that do not match any other # client domain in this configuration file. # We require that servers present valid certificate. #
[client: 212.xx.xx.xx:5061] method = TLSv1+ verify_certificate = no require_certificate = no
private_key = /etc/pki/tls/private/mykamailio.example.de.pem certificate = /etc/pki/tls/private/mykamailio.example.de.pem server_name = mykamailio.example.de
[client:default] verify_certificate = no require_certificate = no
-- %< --------------------- tls.cfg
Cheers Karsten