Then how does it work on kamailio-3.2.x without (explicit) tcp? Anyway, I will keep this in mind in my further kamailio setups.
On Tue, Nov 6, 2012 at 12:18 AM, Daniel-Constantin Mierla <miconda@gmail.com
wrote:
TLS is a security layer in top of TCP, so apparently tcp has to be specified as a listening transport layer to make tls work. Starting with v3.0.0, tls code is in a module, so the core might not initialize tcp if it does not have afferent sockets. Not sure what would take to make it work with tls only sockets - but definitely is no impact on resources, because the worker processes are the same for tcp and tls.
You can forbid tcp traffic from config file:
if(proto=TCP) { send_repply("403", "Not allowed"); exit; }
Cheers, Daniel
On 11/5/12 11:18 AM, Ramazan Yilmaz wrote:
Keeping listen=tls...., I also included "listen=tcp:127.0.0.1:5060". On restart it says,
Listening on tcp: 127.0.0.1:5060 tls: XX.XX.XX.XX [XX.XX.XX.XX]:5061 Aliases: *: XX.XX.XX.XX:*
kamailio started.
And now kamctl ps gives,
Process:: ID=0 PID=931 Type=attendant Process:: ID=1 PID=933 Type=slow timer Process:: ID=2 PID=934 Type=timer Process:: ID=3 PID=935 Type=MI FIFO Process:: ID=4 PID=936 Type=ctl handler Process:: ID=5 PID=937 Type=MI DATAGRAM Process:: ID=6 PID=938 Type=TIMER NH Process:: ID=7 PID=939 Type=tcp receiver (generic) child=0 Process:: ID=8 PID=940 Type=tcp receiver (generic) child=1 Process:: ID=9 PID=941 Type=tcp receiver (generic) child=2 Process:: ID=10 PID=942 Type=tcp receiver (generic) child=3 Process:: ID=11 PID=943 Type=tcp main process
And, now I can register to kamailio :) No error is written in syslog. An interesting workaround... Is this normal? i.e. is listening on a tcp port mandatory?
On Mon, Nov 5, 2012 at 12:03 PM, Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello,
can you put also:
listen=tcp:127.0.0.1:5060
?
Cheers, Daniel
On Mon, Nov 5, 2012 at 9:31 AM, Ramazan Yilmaz ramazan.cs@gmail.comwrote:
Any idea? I have shared my tls configuration with you in my previous post, and as I said, that configuration works with kamailio 3.2.4. After silence of 4 days, do you confirm that it is a bug? If so, how can it be solved? Any suggestion?
On Thu, Nov 1, 2012 at 4:23 PM, Ramazan Yilmaz ramazan.cs@gmail.comwrote:
In my kamailio configuration, I already have "#!define WITH_TLS". And some more about my configuration:
listen=tls:XX.XX.XXX.XX:5061
#!ifdef WITH_TLS enable_tls=yes #!endif
#!ifdef WITH_TLS loadmodule "tls.so" #!endif
#!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "/usr/local/kamailio-3.3/etc/kamailio/tls.cfg") #!endif
And my tls.cfg is,
[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = /usr/local/kamailio-3.3/etc/kamailio/kamailio.key certificate = /usr/local/kamailio-3.3/etc/kamailio/kamailio.pem
[client:default] verify_certificate = yes require_certificate = yes
I have just installed kamailio 3.2.4 on some other server to see whether the problem is with my configuration/my system or with kamailio release. I again installed Ubuntu, and I installed the requested packages via apt-get, as I had done on problematic system. I used exactly the same configuration file, except changing the domain/ip values. And it worked. Then I used the same configuration file on some other versions of Ubuntu server, and it worked again. So, it really seems as a bug in kamailio.
It seems the worker children cannot be forked for some reason at startup, so I enabled WITH_DEBUG directive and restarted the kamailio. The output is attached to this mail. I hope it helps.
Best,
-- Daniel-Constantin Mierla http://www.asipto.com
-- Daniel-Constantin Mierla - http://www.asipto.comhttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu