Hi Greg,

How are you? I have successfully registered a Polycom SoundPoint IP phone (430 model) with the OpenSER proxy and established communication between two Polycom phones via the OpenSER server.

The problem that I found was that the OpenSER TLS socket closes within 2 minutes if there is no activity on the socket. Hence the Polycom phones cannot establish a call successfully every time.

So I have seen to it that the Polycom phones send a register request every 80 secs. This keeps the TLS socket on OpenSER busy all the time. Hence the connection will be present between OpenSER and the Polycom phones all the time.

This, along with provision for configuring with an SNTP server on the Polycom phone side, also proved useful.

Thanks for your help.
 
Bye,
Jeevan.

 
On 10/16/06, Gregoire <mlgg@hispeed.ch> wrote:

Hi!
I saw that you use SSLv23, did you try to force TLSv1?
That might be a solution...
jeevan ravula wrote:
> Hi Greg, I am sending my openser.cfg. Please check it. I am able to
> register (without TLS) with Polycom phones.
>
> Regards, jeevan
>
> ---------- Forwarded message ----------
> From: Gregoire <mlgg@hispeed.ch>
> Date: Oct 16, 2006 4:24 PM
> Subject: Re: [Users] Registration of Polycom SoundPointIP phone with OpenSER
> To: jeevan ravula <jeevanravula@gmail.com>
> Cc: users@openser.org
>
> Hi! Could you send your configuration file? Have you checked your log
> on the server? If you disable TLS, does it work?
>
> Regards
>
> Greg
>
> jeevan ravula wrote:
>>> Hi Gregoire, Thank you for your help. My certificate has a
>>> validity period of 1 year. I have some interesting observations
>>> to share.
>>>
>>> From what you said, the clock wasn't the same for OpenSER and
>>> the Polycom phone. I have set the clock of both OpenSER and the
>>> Polycom phone to the same time.
>>>
>>> The Polycom phone got registered to OpenSER.
>>>
>>> Now I tried communicating between two Polycom phones via
>>> OpenSER (with TLS support). The call gets established
>>> randomly. Initially it was only in one direction, but once it
>>> managed to establish in the other direction.
>>>
>>> But once the phone gets registered to the OpenSER proxy, the time
>>> clock aspect is getting irrelevant, because each time I boot
>>> from the boot server the clock time changes to default settings but
>>> it still manages to register with OpenSER.
>>>
>>> Even though both the Polycom phones (SoundPoint IP 430) are
>>> registered, I am unable to establish communication between them. The
>>> calling party's call doesn't get forwarded to the callee. I am
>>> unable to understand the reason. Can you explain it to me if possible?
>>>
>>>
>>> Thanks, Jeevan.
>>>
>>>
>>>
>>>
>>> On 10/15/06, Gregoire <mlgg@hispeed.ch> wrote:
>>>>
>>>> Hi! Have you checked the validity of the certificate? When it
>>>> begins, when it ends? Are the clocks of OpenSER and the
>>>> client the same, or are they different by any hours? What
>>>> does ssldump give you as output?
>>>>
>>>> Regards
>>>>
>>>> Greg
>>>>
>>>> jeevan ravula wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I am using a Polycom SoundPoint IP phone as User Agent. I want
>>>>> to register the Polycom phone with the OpenSER (with TLS support)
>>>>> server. Can anybody help me out in this regard?
>>>>>
>>>>> I have generated my root CA and given it to the Polycom phone. The
>>>>> Polycom phone does not accept the certificate from the OpenSER
>>>>> server side. It shows bad certificate.
>>>>>
>>>>> Anybody who has used a Polycom phone earlier can help me out
>>>>> in this matter. I shall be grateful to them.
>>>>>
>>>>> Regards, Jeevan.
>
> #
> # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $
> #
> # simple quick-start config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=3            # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=yes    # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode
> #fork=no
> #log_stderror=yes
> */
>
> check_via=no    # (cmd. line: -v)
> dns=no          # (cmd. line: -r)
> rev_dns=no      # (cmd. line: -R)
> listen = 172.21.67.46 # Add by Mohit on 7 Sep
> port=5060
> children=4
> fifo="/tmp/openser_fifo"
>
> #
> # uncomment the following lines for TLS support
> disable_tls = 0
> listen = tls: 172.21.67.46:5061
> tls_verify = 1
> tls_require_certificate = 0
> tls_method =SSLv23 #TLSv1
> tls_certificate = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-cert.pem"
> tls_private_key = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-privkey.pem"
> tls_ca_list = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-calist.pem"
> tls_handshake_timeout=119
> tls_ciphers_list= "ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5"
> #"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
> tls_send_timeout=121
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> #loadmodule "/usr/local/lib/openser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/openser/modules/sl.so"
> loadmodule "/usr/local/lib/openser/modules/tm.so"
> loadmodule "/usr/local/lib/openser/modules/rr.so"
> loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/openser/modules/usrloc.so"
> loadmodule "/usr/local/lib/openser/modules/registrar.so"
> loadmodule "/usr/local/lib/openser/modules/textops.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> #loadmodule "/usr/local/lib/openser/modules/auth.so"
> #loadmodule "/usr/local/lib/openser/modules/auth_db.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
> modparam("usrloc", "db_mode",   0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> #modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> #modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which true in this config),
> # uncomment also the following parameter)
> #
> #modparam("auth_db", "password_column", "password")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> #modparam("rr", "enable_full_lr", 1)
>
> # -------------------------  request routing logic -------------------
>
> # main routing logic
>
> route{
>
>     # initial sanity checks -- messages with
>     # max_forwards==0, or excessively long requests
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         exit;
>     };
>
>     if (msg:len >=  2048 ) {
>         sl_send_reply("513", "Message too big");
>         exit;
>     };
>
>     # we record-route all messages -- to make sure that
>     # subsequent messages will go through our proxy; that's
>     # particularly good if upstream and downstream entities
>     # use different transport protocol
>     if (!method=="REGISTER") record_route();
>
>     # subsequent messages within a dialog should take the
>     # path determined by record-routing
>     if (loose_route()) {
>         # mark routing logic in request
>         append_hf("P-hint: rr-enforced\r\n");
>         route(1);
>     };
>
>     if (!uri==myself) {
>         # mark routing logic in request
>         append_hf("P-hint: outbound\r\n");
>         # if you have some interdomain connections via TLS
>         #if(uri=~"@tls_domain1.net") {
>         #    t_relay_to_tls("IP_domain1","port_domain1");
>         #    exit;
>         #} else if(uri=~"@tls_domain2.net") {
>         #    t_relay_to_tls("IP_domain2","port_domain2");
>         #    exit;
>         #}
>         route(1);
>     };
>
>     # if the request is for other domain use UsrLoc
>     # (in case, it does not work, use the following command
>     # with proper names and addresses in it)
>     if (uri==myself) {
>
>         if (method=="REGISTER") {
>
>             # Uncomment this if you want to use digest authentication
>             #if (!www_authorize("openser.org", "subscriber")) {
>             #www_challenge("openser.org", "0");
>             #exit;
>             #};
>
>             save("location");
>             exit;
>         };
>
>         lookup("aliases");
>         if (!uri==myself) {
>             append_hf("P-hint: outbound alias\r\n");
>             route(1);
>         };
>
>         # native SIP destinations are handled using our USRLOC DB
>         if (!lookup("location")) {
>             sl_send_reply("404", "Not Found");
>             exit;
>         };
>         append_hf("P-hint: usrloc applied\r\n");
>     };
>
>     route(1);
> }
>
>
> route[1] {
>     # send it out now; use stateful forwarding as it works reliably
>     # even for UDP2TCP
>     if (!t_relay()) {
>         sl_reply_error();
>     };
>     exit;
> }
>
>
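
Added example (not part of the original thread and not OpenSER code): a small Python audit of the TLS settings in the quoted openser.cfg, flagging the SSLv23 method Greg asks about, the optional client certificate, and the anonymous, NULL and legacy suites in tls_ciphers_list. The cipher string is a subset of the posted list; the rule table and function names are this example's own.

```python
import re

# Values copied from the quoted openser.cfg; the cipher list is a subset of
# the posted one, kept short for the example.
POSTED_CFG = """
tls_verify = 1
tls_require_certificate = 0
tls_method =SSLv23 #TLSv1
tls_ciphers_list= "ADH-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA:DES-CBC3-SHA:RC4-MD5:RC2-CBC-MD5:NULL-SHA:NULL-MD5"
"""

# Rule table written for this example: suite name token -> why it is flagged.
WEAK_TOKENS = [
    ("ADH", "anonymous DH, peer is not authenticated"),
    ("NULL", "no encryption"),
    ("RC4", "RC4 stream cipher"),
    ("RC2", "RC2 cipher"),
    ("DES", "DES/3DES, 64-bit block"),
    ("MD5", "MD5-based MAC"),
]

def parse_settings(text):
    """Return {name: value} for 'name = value' lines; comments and quotes dropped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'^\s*(\w+)\s*=\s*"?([^"#]*)', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_ciphers(cipher_list):
    """Map each flagged suite to its reasons; suites with no finding are omitted."""
    findings = {}
    for suite in cipher_list.split(":"):
        parts = suite.split("-")
        reasons = [why for token, why in WEAK_TOKENS if token in parts]
        if reasons:
            findings[suite] = reasons
    return findings

def audit_settings(settings):
    """Flag the protocol and client-certificate settings from the posted config."""
    notes = []
    if settings.get("tls_method") == "SSLv23":
        notes.append("tls_method=SSLv23: version is negotiated, older SSL versions allowed")
    if settings.get("tls_require_certificate") == "0":
        notes.append("tls_require_certificate=0: client certificate is optional")
    return notes

if __name__ == "__main__":
    cfg = parse_settings(POSTED_CFG)
    for note in audit_settings(cfg):
        print("setting:", note)
    for suite, reasons in audit_ciphers(cfg["tls_ciphers_list"]).items():
        print("cipher :", suite, "->", "; ".join(reasons))
```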