Hi Greg,
How are you? I have successfully registered a polycom soundpointIP phone (430
model) with the openser proxy and established communication b/w two polycom
phones via the openser server.
The problem that I found was that the openser TLS socket closes within 2
minutes if there is no activity on the socket. Hence the polycom phones cannot
establish a call successfully every time.
So I have seen to it that the polycom phones send a register request every 80
secs. This makes the TLS socket on openser busy all the
time. Hence the connection will be present b/w openser and the polycom phones
all the time.
This, along with the provision for configuring an sntp server on the polycom phone
side, also proved useful.
Thanks for your help.
Bye,
Jeevan.
On 10/16/06, Gregoire <mlgg(a)hispeed.ch> wrote:
Hi!
I saw that you use SSLv23, did you try to force TLSv1?
That might be a solution...
jeevan ravula wrote:
Hi Greg, I am sending my openser.cfg. Pls check it. I am able to
register (without tls) with polycom phones.
Regards, jeevan
---------- Forwarded message ----------
From: Gregoire <mlgg(a)hispeed.ch>
Date: Oct 16, 2006 4:24 PM
Subject: Re: [Users] Registration of Polycom SoundPointIP phone with OpenSER
To: jeevan ravula <jeevanravula(a)gmail.com>
Cc: users(a)openser.org
Hi! Could you send your configuration file? Have you checked your log
on the server? If you disable TLS, does it work?
Regards
Greg
jeevan ravula wrote:
> Hi Gregoire, Thank you for your help. My certificate has a
> validity period of 1 year. I have some interesting observations
> to share.
>
> From what you said, the clock wasn't the same for openser and
> polycom phone. I have set the clock of both openser and polycom
> phone to the same.
>
> The polycom phone got registered to openser.
>
> Now I tried communicating b/w two polycom phones via
> openser (with TLS support). The call gets established
> randomly. Initially it was only in one direction but once
> managed to establish in other direction.
>
> But once the phone gets registered to openser proxy, the time
> clock aspect is getting irrelevant. Because each time I boot
> from boot server the clock time changes to default settings but
> still manages to register with openser.
>
> Even though both the polycom phones (soundpointIp 430) are
> registered, I am unable to establish communication b/w them. The
> calling party call doesn't get forwarded to the callee. I am
> unable to understand the reason. Can you explain to me if possible?
>
> Thanks, Jeevan.
>
> On 10/15/06, Gregoire <mlgg(a)hispeed.ch> wrote:
>>
>> Hi! Have you checked the validity of the certificate? When it
>> begins, when it ends? Are the clocks from Openser and the
>> client the same or do they differ by some hours? What
>> does ssldump give you as output?
>>
>> Regards
>>
>> Greg
>>
>> jeevan ravula wrote:
>>
>>> Hi all,
>>>
>>> I am using Polycom SoundPointIP phone as User Agent. I want
>>> to register
>>> Polycom phone with OpenSER (with TLS support) server. Can
>>> anybody help me out in this regard?
>>>
>>> I have generated my rootCA and given to polycom phone. The
>>> polycom phone does not accept certificate from openser
>>> server side. It shows bad certificate.
>>>
>>> Anybody who has used polycom phone earlier can help me out
>>> in this matter. I shall be grateful to them.
>>>
>>> Regards, Jeevan.
----------------------------------------------------------------------
#
# $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3             # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes    # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
*/

check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
listen = 172.21.67.46    # Add by Mohit on 7 Sep
port=5060
children=4
fifo="/tmp/openser_fifo"

#
# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:172.21.67.46:5061
tls_verify = 1
tls_require_certificate = 0
tls_method =SSLv23 #TLSv1
tls_certificate = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-cert.pem"
tls_private_key = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-privkey.pem"
tls_ca_list = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-calist.pem"
tls_handshake_timeout=119
tls_ciphers_list="ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5"
#"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
tls_send_timeout=121

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/openser/modules/mysql.so"

loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/openser/modules/auth.so"
#loadmodule "/usr/local/lib/openser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
#modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    if (!method=="REGISTER")
        record_route();

    # subsequent messages within a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
    };

    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
        # if you have some interdomain connections via TLS
        #if(uri=~"@tls_domain1.net") {
        #    t_relay_to_tls("IP_domain1","port_domain1");
        #    exit;
        #} else if(uri=~"@tls_domain2.net") {
        #    t_relay_to_tls("IP_domain2","port_domain2");
        #    exit;
        #}
        route(1);
    };

    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

        if (method=="REGISTER") {

            # Uncomment this if you want to use digest authentication
            #if (!www_authorize("openser.org", "subscriber")) {
            #    www_challenge("openser.org", "0");
            #    exit;
            #};

            save("location");
            exit;
        };

        lookup("aliases");
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
        };

        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
        append_hf("P-hint: usrloc applied\r\n");
    };

    route(1);
}

route[1] {
    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}
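
An added example, not part of the original thread or of the OpenSER project: a small audit of the tls_method and tls_ciphers_list settings from the openser.cfg posted above, flagging suites by their OpenSSL names. The rule set and the function names are this example's own assumptions.

```python
import re

# Cipher names copied from tls_ciphers_list in the posted openser.cfg.
POSTED_CIPHERS = (
    "ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:"
    "ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:"
    "DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:"
    "KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:"
    "DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:"
    "DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5"
)
# The TLS lines of that config, one setting per line.
POSTED_CFG = f'''
tls_verify = 1
tls_require_certificate = 0
tls_method =SSLv23 #TLSv1
tls_ciphers_list="{POSTED_CIPHERS}"
#"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
tls_send_timeout=121
'''

# (pattern on the OpenSSL suite name, reason); rule set chosen for this example.
RULES = [
    (r"(^|-)NULL(-|$)", "no encryption"),
    (r"^ADH-", "anonymous key exchange, peer not authenticated"),
    (r"(^|-)RC[24](-|$)", "RC4/RC2 cipher"),
    (r"(^|-)DES-CBC3(-|$)", "3DES, 64-bit block"),
    (r"-MD5$", "MD5 MAC"),
]

def parse_tls_settings(cfg_text):
    """Return {name: value} for active tls_* lines; '#' comments are ignored."""
    pat = re.compile(r'^\s*(tls_\w+)\s*=\s*("?)([^"#\n]*)\2', re.MULTILINE)
    return {m.group(1): m.group(3).strip() for m in pat.finditer(cfg_text)}

def audit_ciphers(cipher_list):
    """Split a colon-separated list into (flagged {name: reasons}, clean [names])."""
    flagged, clean = {}, []
    for name in dict.fromkeys(cipher_list.split(":")):  # dedupe, keep order
        reasons = [why for pat, why in RULES if re.search(pat, name)]
        if reasons:
            flagged[name] = reasons
        elif name:
            clean.append(name)
    return flagged, clean

if __name__ == "__main__":
    cfg = parse_tls_settings(POSTED_CFG)
    flagged, clean = audit_ciphers(cfg["tls_ciphers_list"])
    print("tls_method:", cfg["tls_method"])
    for name, reasons in flagged.items():
        print(f"  FLAG {name}: {', '.join(reasons)}")
    print("unflagged:", ", ".join(clean))
```

A name left unflagged only means that none of the example's rules matched it.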