Re: [Users] Allow only TLS connections

Hello, On 04/13/06 11:52, Christoph Fürstaller wrote: Hi, I tried that out. I check if proto is TLS: if (proto != TLS) { sl_send_reply("403", "Forbidden"); exit; }; But I get this error: 3(28893) ERROR:tm:add_uac: can't fwd to af 2, proto 1 (no corresponding listening socket) 3(28893) ERROR:tm:t_forward_nonack: failure to add branches 3(28893) ERROR:tm:t_relay_to: t_forward_nonack returned error What does it mean? What I'm doing wrong? My SER is only listening on tls port 5061. Do I still have to open udp 5060 ? > it seems that you try to forward on UDP. >

> You can configure openser to > listen on UDP as well, and drop messages coming on UDP, if you want to > accept only TLS. (as you have in above snippet). If all peers you > connect to support TLS, then you can forse sending over TLS all the time. > > Cheers, > Daniel >

Cesc wrote: >>> http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=… >>> >>> >>> >>> >>> On 4/11/06, Thorsten.Haupt(a)t-systems.com >>> <Thorsten.Haupt(a)t-systems.com> wrote: >>> >>> >>> >>> >>>> I searched for this function, but I didn't found it :-( >>>> Knows anyone the correct code, not only pseudo-code? >>>> >>>> Torsten >>>> >>>> -----Ursprüngliche Nachricht----- >>>> Von: Cesc [mailto:cesc.santa@gmail.com] >>>> Gesendet: Dienstag, 11. April 2006 14:03 >>>> An: Haupt, Thorsten >>>> Cc: users(a)openser.org >>>> Betreff: Re: [Users] Allow only TLS connections >>>> >>>> I think in openser there is a function to check what transport the >>>> message came in ... you can do something like: >>>> if ( transport != TLS ) { >>>> send error to UA >>>> break; >>>> } >>>> >>>> Cesc >>>> >>>> On 4/11/06, Thorsten.Haupt(a)t-systems.com >>>> <Thorsten.Haupt(a)t-systems.com> wrote: >>>> >>>> >>>> >>>> >>>>> Hello, >>>>> >>>>> I use OpenSER in a testing environment for VoIP security. My clients >>>>> connect via TLS. If I deactivate UDP/5060 on the server, it doesn't >>>>> work correct. >>>>> Some Clients can't connect and others can't establish calls. I read in >>>>> another thread, that UDP is mandatory for SIP and that the server >>>>> need it. >>>>> >>>>> But how can I prevent users from connecting via UDP and force them to >>>>> use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But is >>>>> this the correct way? Are there any parameters server-side to force >>>>> users to connect via TLS? >>>>> >>>>> Thanks for response. >>>>> Torsten >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users(a)openser.org >>>>> http://openser.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users(a)openser.org >>>> http://openser.org/cgi-bin/mailman/listinfo/users >>>> >>>> >>>> >>> _______________________________________________ >>> Users mailing list >>> Users(a)openser.org >>> http://openser.org/cgi-bin/mailman/listinfo/users >>> >>>