23 Mar
2006
23 Mar
'06
3:02 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Bogdan,
I still get the same 'error' with another phone. A snom 190. If I
connect it to an TLS only SER I get thd "500 I'm terribly sorry,
server error occurred (7/TM)". If I open up
UDP as well the phone registeres fine with SER.
I read another posting which sayes: " If I remember correctly the RFC,
UDP is mandatory for a SIP server" Is this correct? I don't know it.
I attached my cfg. It's the one coming with tls-openSER and i think
you wrote it : )
chris...
Bogdan-Andrei Iancu schrieb:
Hi Chris,
does the error persist? if so, please let me know what relaying
function are you using, in what format and what is the RURI.
regards, bogdan
Christoph Fürstaller wrote:
Hi Bogdan,
I think I found a way to connect minisip to SER. I had to open up a
UDP Port (5060) as well. Then minisip is registering imidiatly.
(didn't changed a think in openser.cfg). But why do I have to do
that? I captured all the traffic, but there is nothing transmitted
in cleartext (sip) everything is encypted. I also upgraded to the
lates cvs version. (tried this with/without the UDP Port)
The only thing i'm checking in the cfg is authentication against
mysql db. Nothing more.
chris...
chris... Bogdan-Andrei Iancu schrieb:
------------------------------------------------------------------------
_______________________________________________ Users mailing list
Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-----BEGIN
PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEIv7sR0exH8dhr/YRAoOtAJ9Egs5+ZruqyE255q/y5w0rtpE1nACfWJeQ
2KtC2KAY1/yvrcshw3h+n5I=
=sBO1
-----END PGP SIGNATURE-----
#
# $Id: openser.cfg,v 1.6 2006/02/15 18:23:46 bogdan_iancu Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=10 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
children=4
fifo="/tmp/openser_fifo"
#
# uncomment the following lines for TLS support
disable_tls = 0
listen = udp:192.168.20.156:5060
listen = tls:192.168.6820.156:5061
#tls_verify = 1
tls_require_certificate = 0
tls_method = SSLv23 #TLSv1
tls_certificate = "/home/chris/DA/testcenter-cert.pem"
tls_private_key = "/home/chris/DA/testcenter-key.pem"
tls_ca_list = "/home/chris/DA/tcs_ca-cacert.pem"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
#if(uri=~"(a)tls_domain1.net") {
# t_relay("tls:domain1.net");
# exit;
#} else if(uri=~"(a)tls_domain2.net") {
# t_relay("tls:domain2.net");
# exit;
#}
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authenticatio
n
if (!www_authorize("192.168.20.156",
"subscriber")) {
www_challenge("192.168.20.156", "0");
exit;
};
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
>> Hi Chris,
------------------------------------------------------------------------
>
>> what relaying script function
are you using and what format?
>> looks like even for REGISTER you are doing a sort of
>> relaying...
>
>> also be sure you are using the
latest cvs version (for devel
>> branch).
>
>> regards, bogdan
>
>> Christoph Fürstaller wrote:
>
>> Hi,
>
>> I've managed minisip to
connect to tls enabled openser. The
>> tls connection is established fine, but when i try to
>> register or try to call i get errors. See attached ser debug
>> output.
>
>> Anybody knows what that means?
Is the SIP Request from
>> minisip not correct? Or is it a failure in my openser.cfg?
>
>> Any help would be nice.
>
>> chris...
>
>
>> >
>
>
>> 7(11894) tcpconn_new: new tcp connection to:
192.168.20.130
>> 7(11894) tcpconn_new: on port 35957, type 3 7(11894)
>> tls_tcpconn_init: Entered: Creating a whole new ssl
>> connection 7(11894) tls_tcpconn_init: Looking up tls domain
>> [192.168.20.156:5061] 7(11894) tls_tcpconn_init: Using
>> default tls settings 7(11894) tls_tcpconn_init: Setting in
>> ACCEPT mode (server) 7(11894) tcpconn_add: hashes: 181, 2
>> 7(11894) tcp_main_loop: new connection: 0x405b4b90 19
>> 7(11894) send2child: to tcp child 0 3(11880), 0x405b4b90
>> 3(11880) received n=4 con=0x405b4b90, fd=14 3(11880)
>> tls_update_fd: New fd is 14 3(11880) tls_update_fd: New fd is
>> 14 3(11880) tls_accept: TLS handshake successful 3(11880)
>> tls_update_fd: New fd is 14 3(11880) tls_update_fd: New fd is
>> 14 3(11880) _tls_read: 403 bytes read 3(11880) tcp_read_req:
>> content-length= 0 3(11880) SIP Request: 3(11880) method:
>> <REGISTER> 3(11880) uri: <sip:192.168.20.156> 3(11880)
>> version: <SIP/2.0> 3(11880) parse_headers: flags=2 3(11880)
>> DEBUG:parse_to:end of header reached, state=9 3(11880) DEBUG:
>> get_hdr_field: <To> [28]; uri=[sip:chris@192.168.20.156]
>> 3(11880) DEBUG: to body [<sip:chris@192.168.20.156> ]
>> 3(11880) get_hdr_field: cseq <CSeq>: <601> <REGISTER>
>> 3(11880) Found param type 232, <branch> =
>> <z9hG4bK1327458630>; state=16 3(11880) end of header reached,
>> state=5 3(11880) parse_headers: Via found, flags=2 3(11880)
>> parse_headers: this is the first via 3(11880) After
>> parse_msg... 3(11880) preparing to run routing scripts...
>> 3(11880) DEBUG:maxfwd:is_maxfwd_present: value = 70 3(11880)
>> parse_headers: flags=200 3(11880) is_preloaded: Yes 3(11880)
>> grep_sock_info - checking if host==us: 14==14 &&
>> [192.168.20.156] == [192.168.20.156] 3(11880) grep_sock_info
>> - checking if port 5061 matches port 5061 3(11880)
>> after_loose: Topmost route URI:
>> 'sip:192.168.20.156:5061;transport=TLS;lr' is me 3(11880)
>> parse_headers: flags=200 3(11880) DEBUG: get_hdr_body :
>> content_length=0 3(11880) found end of header 3(11880)
>> find_next_route: No next Route HF found 3(11880) after_loose:
>> No next URI found 3(11880) grep_sock_info - checking if
>> host==us: 14==14 && [192.168.20.156] == [192.168.20.156]
>> 3(11880) grep_sock_info - checking if port 5061 matches port
>> 5060 3(11880) check_self: host != me 3(11880) parse_headers:
>> flags=ffffffffffffffff 3(11880) DEBUG: t_newtran: msg id=3 ,
>> global msg id=2 , T on entrance=0xffffffff 3(11880)
>> parse_headers: flags=ffffffffffffffff 3(11880) parse_headers:
>> flags=78 3(11880) t_lookup_request: start searching:
>> hash=19221, isACK=0 3(11880) DEBUG: RFC3261 transaction
>> matching failed 3(11880) DEBUG: t_lookup_request: no
>> transaction found 3(11880) DEBUG: mk_proxy: doing DNS
>> lookup... 3(11880) ERROR:tm:add_uac: can't fwd to af 2, proto
>> 1 (no corresponding listening socket) 3(11880)
>> ERROR:tm:t_forward_nonack: failure to add branches 3(11880)
>> ERROR:tm:t_relay_to: t_forward_nonack returned error
>> 3(11880) parse_headers: flags=ffffffffffffffff 3(11880)
>> check_via_address(192.168.20.130, 192.168.20.130, 3) 3(11880)
>> WARNING:vqm_resize: resize(0) called 3(11880) DEBUG:
>> cleanup_uac_timers: RETR/FR timers reset 3(11880) DEBUG:
>> add_to_tail_of_timer[2]: 0x405dc5c0 3(11880) tcp_send: tcp
>> connection found (0x405b4b90), acquiring fd 3(11880)
>> tcp_send, c= 0x405b4b90, n=8 7(11894) tcp_main_loop: read
>> response= 405b4b90, 1 from 3 (11880) 3(11880) tcp_send: after
>> receive_fd: c= 0x405b4b90 n=4 fd=15 3(11880) tcp_send:
>> sending... 3(11880) tls_update_fd: New fd is 15 3(11880)
>> tls_write: Write was successful (530 bytes) 3(11880)
>> tcp_send: after write: c= 0x405b4b90 n=530 fd=15 3(11880)
>> tcp_send: buf= SIP/2.0 500 I'm terribly sorry, server error
>> occurred (7/TM) From: <sip:chris@192.168.20.156> To:
>> <sip:chris@192.168.20.156>;tag=ddf051b13744e2e8329237e95d7a9ade-7b3d
>> Call-ID: 407398382(a)192.168.20.130 CSeq: 601 REGISTER Via:
>> SIP/2.0/TLS 192.168.20.130:15061;branch=z9hG4bK1327458630
>> Server: OpenSer (1.0.0-tls (i386/linux)) Content-Length: 0
>> Warning: 392 192.168.20.156:5061 "Noisy feedback tells:
>> pid=11880 req_src_ip=192.168.20.130 req_src_port=35957
>> in_uri=sip:192.168.20.156 out_uri=sip:192.168.20.156
>> via_cnt==1"
>
>> >
>> 3(11880) DEBUG:tm:_reply_light: reply sent out.
>> buf=0x811a978: SIP/2.0 5..., shmem=0x405d9750: SIP/2.0 5
>> 3(11880) DEBUG:tm:_reply_light: finished 3(11880) ERROR:
>> generation of a stateful reply on error succeeded 3(11880)
>> DEBUG:destroy_avp_list: destroying list (nil) 3(11880)
>> receive_msg: cleaning up 2(11878) DEBUG: timer
>> routine:2,tl=0x405dc5c0 next=(nil) 2(11878) DEBUG:
>> wait_handler : removing 0x405dc578 from table 2(11878) DEBUG:
>> delete transaction 0x405dc578 2(11878) DEBUG: wait_handler :
>> done 3(11880) tcp_receive_loop: 0x405b4b90 expired (172, 173)
>> 3(11880) releasing con 0x405b4b90, state 0, fd=14, id=2
>> 3(11880) extra_data 0x4042fd70 7(11894) tcp_main_loop:
>> reader response= 405b4b90, 0 from 0 7(11894) tcp_main_loop:
>> CONN_RELEASE 0x405b4b90 refcnt= 0
>
>
>> >
>
>
>> _______________________________________________ Users
mailing
>> list Users(a)openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> >
>