Then how does it work on kamailio-3.2.x without (explicit) tcp? Anyway, I
will keep this in mind in my further kamailio setups.
On Tue, Nov 6, 2012 at 12:18 AM, Daniel-Constantin Mierla <miconda(a)gmail.com
wrote:
> TLS is a security layer in top of TCP, so apparently tcp has to be
> specified as a listening transport layer to make tls work. Starting with
> v3.0.0, tls code is in a module, so the core might not initialize tcp if it
> does not have afferent sockets. Not sure what would take to make it work
> with tls only sockets - but definitely is no impact on resources, because
> the worker processes are the same for tcp and tls.
>
> You can forbid tcp traffic from config file:
>
> if(proto=TCP) {
> send_repply("403", "Not allowed");
> exit;
> }
>
> Cheers,
> Daniel
>
>
> On 11/5/12 11:18 AM, Ramazan Yilmaz wrote:
>
> Keeping listen=tls...., I also included "listen=tcp:127.0.0.1:5060". On
> restart it says,
>
> Listening on
> tcp: 127.0.0.1:5060
> tls: XX.XX.XX.XX [XX.XX.XX.XX]:5061
> Aliases:
> *: XX.XX.XX.XX:*
>
> kamailio started.
>
> And now kamctl ps gives,
>
> Process:: ID=0 PID=931 Type=attendant
> Process:: ID=1 PID=933 Type=slow timer
> Process:: ID=2 PID=934 Type=timer
> Process:: ID=3 PID=935 Type=MI FIFO
> Process:: ID=4 PID=936 Type=ctl handler
> Process:: ID=5 PID=937 Type=MI DATAGRAM
> Process:: ID=6 PID=938 Type=TIMER NH
> Process:: ID=7 PID=939 Type=tcp receiver (generic) child=0
> Process:: ID=8 PID=940 Type=tcp receiver (generic) child=1
> Process:: ID=9 PID=941 Type=tcp receiver (generic) child=2
> Process:: ID=10 PID=942 Type=tcp receiver (generic) child=3
> Process:: ID=11 PID=943 Type=tcp main process
>
> And, now I can register to kamailio :) No error is written in syslog. An
> interesting workaround...
> Is this normal? i.e. is listening on a tcp port mandatory?
>
> On Mon, Nov 5, 2012 at 12:03 PM, Daniel-Constantin Mierla <
> miconda(a)gmail.com
wrote:
>
>> Hello,
>>
>> can you put also:
>>
>> listen=tcp:127.0.0.1:5060
>>
>> ?
>>
>> Cheers,
>> Daniel
>>
>>
>> On Mon, Nov 5, 2012 at 9:31 AM, Ramazan Yilmaz
<ramazan.cs(a)gmail.com>wrote;wrote:
>>
>>> Any idea?
>>> I have shared my tls configuration with you in my previous post, and as
>>> I said, that configuration works with kamailio 3.2.4. After silence of 4
>>> days, do you confirm that it is a bug? If so, how can it be solved? Any
>>> suggestion?
>>>
>>>
>>> On Thu, Nov 1, 2012 at 4:23 PM, Ramazan Yilmaz
<ramazan.cs(a)gmail.com>wrote;wrote:
>>>
>>>> In my kamailio configuration, I already have "#!define
WITH_TLS". And
>>>> some more about my configuration:
>>>>
>>>> listen=tls:XX.XX.XXX.XX:5061
>>>>
>>>> #!ifdef WITH_TLS
>>>> enable_tls=yes
>>>> #!endif
>>>>
>>>> #!ifdef WITH_TLS
>>>> loadmodule "tls.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_TLS
>>>> # ----- tls params -----
>>>> modparam("tls", "config",
>>>> "/usr/local/kamailio-3.3/etc/kamailio/tls.cfg")
>>>> #!endif
>>>>
>>>> And my tls.cfg is,
>>>>
>>>> [server:default]
>>>> method = SSLv23
>>>> verify_certificate = no
>>>> require_certificate = no
>>>> private_key = /usr/local/kamailio-3.3/etc/kamailio/kamailio.key
>>>> certificate = /usr/local/kamailio-3.3/etc/kamailio/kamailio.pem
>>>>
>>>> [client:default]
>>>> verify_certificate = yes
>>>> require_certificate = yes
>>>>
>>>> I have just installed kamailio 3.2.4 on some other server to see
>>>> whether the problem is with my configuration/my system or with kamailio
>>>> release. I again installed Ubuntu, and I installed the requested
packages
>>>> via apt-get, as I had done on problematic system. I used exactly the
same
>>>> configuration file, except changing the domain/ip values. And it worked.
>>>> Then I used the same configuration file on some other versions of Ubuntu
>>>> server, and it worked again. So, it really seems as a bug in kamailio.
>>>>
>>>> It seems the worker children cannot be forked for some reason at
>>>> startup, so I enabled WITH_DEBUG directive and restarted the kamailio.
The
>>>> output is attached to this mail. I hope it helps.
>>>>
>>>> Best,
>>>>
>>>
>>>
>>
>>
>> --
>> Daniel-Constantin Mierla
>>
http://www.asipto.com
>>
>
>
> --
> Daniel-Constantin Mierla -
http://www.asipto.comhttp://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, Nov 5-8, 2012 -
http://asipto.com/u/kat
> Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 -
http://asipto.com/u/katu
>
>