Sorry.. Im a bit loose in this one...
So, ive use letsencrypy to generate the certificate, and the CA, how i
have to generate?
Thanks
El lun., 20 abr. 2020 19:06, Sergiu Pojoga <pojogas(a)gmail.com> escribió:
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it.
That's probably the reason why you get "tls_read_f(): TLS
write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user <sipuser404(a)gmail.com> wrote:
> Hi..
>
> Thank you all very much for answering me.
>
> I have made many test:
>
> First, I've installed ssl cert with letsencrypt, like
>
https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this
> one i made it before.
>
> I've configured tls.cfg like:
>
> [server:default]
> method = TLSv1.2
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/letsencrypt/live/FQND/privkey.pem
> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem
> ca_list= /etc/letsencrypt/live/FQND/chain.pem
>
> [client:default]
> method = TLSv1.2
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/letsencrypt/live/FQND/privkey.pem
> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem
> ca_list= /etc/letsencrypt/live/FQND/chain.pem
>
> In syslog I received:
>
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>:
> Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.
> a6291812000000000000000000000000.0#015#012To: <sip:
> sip.pstnhub.microsoft.com;transport=tls>#015#012From:
>
<sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq:
> 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481(a)51.89.
> 23.96#015#012Max-Forwards
> <http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0
> (x86_64/linux))
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>:
> Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.
> f565cf11000000000000000000000000.0#015#012To: <sip:
> sip2.pstnhub.microsoft.com;transport=tls>#015#012From:
>
<sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq:
> 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481(a)51.89.
> 23.96#015#012Max-Forwards
> <http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0
> (x86_64/linux))
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls
> [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core>
> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>:
> Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.
> 212aa3c7000000000000000000000000.0#015#012To: <sip:
> sip3.pstnhub.microsoft.com;transport=tls>#015#012From:
>
<sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq:
> 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481(a)51.89.
> 23.96#015#012Max-Forwards
> <http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0
> (x86_64/linux))
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls
> [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core>
> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls
> [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core>
> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
>
> And If I make kamcmd tls.list, I have no response.
>
> Test two:
>
> If I coonfigure tls.cfg like:
>
> [server:default]
> method = TLSv1.2
> verify_certificate = no
> require_certificate = no
> private_key = /etc/letsencrypt/live/FQND/privkey.pem
> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem
> ca_list= /etc/letsencrypt/live/FQND/chain.pem
>
> [client:default]
> method = TLSv1.2
> verify_certificate = no
> require_certificate = no
> private_key = /etc/letsencrypt/live/FQND/privkey.pem
> certificate = /etc/letsencrypt/live/FQDN/fullchain.pem
> ca_list= /etc/letsencrypt/live/FQND/chain.pem
>
> In syslog:
>
> Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left
> promiscuous mode
> Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>:
> Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.
> 0c39c2d0000000000000000000000000.0#015#012To: <sip:
> sip.pstnhub.microsoft.com;transport=tls>#015#012From:
>
<sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq:
> 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257(a)51.89.
> 23.96#015#012Max-Forwards
> <http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0
> (x86_64/linux))
> Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>:
> Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.
> 0e9be960000000000000000000000000.0#015#012To: <sip:
> sip2.pstnhub.microsoft.com;transport=tls>#015#012From:
>
<sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq:
> 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257(a)51.89.
> 23.96#015#012Max-Forwards
> <http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0
> (x86_64/linux))
> Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>:
> Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.
> 82d8b643000000000000000000000000.0#015#012To: <sip:
> sip3.pstnhub.microsoft.com;transport=tls>#015#012From:
>
<sip:dispatcher@localhost>;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq:
> 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257(a)51.89.
> 23.96#015#012Max-Forwards
> <http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0
> (x86_64/linux))
>
> And If I make kamcmd tls.list:
>
> {
> id: 1
> timeout: 3595
> src_ip: 52.114.75.24
> src_port: 5061
> dst_ip: SBC-IP
> dst_port: 37531
> cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA
> Enc=AESGCM(256) Mac=AEAD
> ct_wq_size: 0
> enc_rd_buf: 0
> flags: 2
> state: established
> }
> {
> id: 2
> timeout: 3596
> src_ip: 52.114.132.46
> src_port: 5061
> dst_ip: SBC-IP
> dst_port: 33370
> cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA
> Enc=AESGCM(256) Mac=AEAD
> ct_wq_size: 0
> enc_rd_buf: 0
> flags: 2
> state: established
> }
> {
> id: 3
> timeout: 3596
> src_ip: 52.114.7.24
> src_port: 5061
> dst_ip: SBC-IP
> dst_port: 48819
> cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA
> Enc=AESGCM(256) Mac=AEAD
> ct_wq_size: 0
> enc_rd_buf: 0
> flags: 2
> state: established
> }
>
> And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
>
> URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP
> URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX
> URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
>
> But in Teams Direct Routing I always see my SBC with problems, never
> active.
>
> In kamailio.cfg I've configure just before request_route:
>
> event_route[tm:local-request] {
> if(is_method("OPTIONS") && $ru =~
"pstnhub.microsoft.com") {
> append_hf("Contact: <sip:SBC-DNS:5061;transport=
> tls>\r\n");
> }
> xlog("L_INFO", "Sent out tm request: $mb\n");
> }
>
> I don't know where could be the problem..
>
> Any more else I can test?
>
> Thanks for all..!!
>
> El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (<ynasida(a)gmail.com>)
> escribió:
>
>> Probably. You can get full pcap files using tcpdump and check TLS
>> handshakes usign wireshark.
>> Also it is not really need to check cert on the side of kamailio. You
>> can set (at least for tests)
>> verify_certificate = no
>> require_certificate = no
>>
>> On Fri, 17 Apr 2020 at 10:02, sip user <sipuser404(a)gmail.com> wrote:
>>
>>> Hi Sergiu..
>>>
>>> I've made many test and many change...
>>>
>>> In tls.cfg I have this:
>>>
>>> [server:default]
>>> method = TLSv1.2
>>> verify_certificate = yes
>>> require_certificate = yes
>>> private_key = /etc/letsencrypt/ssl/cert.key
>>> certificate = /etc/letsencrypt/ssl/cert.crt
>>> ca_list = /etc/letsencrypt/ssl/ca.crt
>>>
>>> [client:default]
>>> method = TLSv1.2
>>> verify_certificate = yes
>>> require_certificate = yes
>>> private_key = /etc/letsencrypt/ssl/cert.key
>>> certificate = /etc/letsencrypt/ssl/cert.crt
>>> ca_list = /etc/letsencrypt/ssl/ca.crt
>>>
>>> But when I make Kamcmd tls.list I have not response.. Not show me
>>> anything.
>>>
>>> Problem with certificated??
>>>
>>> Thanks
>>>
>>> El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (<pojogas(a)gmail.com>)
>>> escribió:
>>>
>>>> Hi SIP User/anonymous/one-time-visitor/,
>>>>
>>>> Your TLS config isn't correct. The article clearly says
>>>> verify/require_certificate must be set to 'yes'
>>>>
>>>> *kamcmd tls.list*
>>>> Does it show any 'established' connections with MS proxy?
>>>>
>>>> Good luck,
>>>>
>>>> --Sergiu
>>>>
>>>> On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas
<osas(a)voipembedded.com>
>>>> wrote:
>>>>
>>>>> The tutorial is pretty clear:
>>>>> You need to add the Contact header only for OPTIONS pings.
>>>>> You need to use the proper Record-Route headers based on the
>>>>> direction
>>>>> of the call.
>>>>> There's no out of the box solution because each setup is
different.
>>>>>
>>>>> If you understand how loose routing works in SIP, then you know
>>>>> how to
>>>>> adjust the config to use record_route_preset(), just as explained
>>>>> in
>>>>> the tutorial. There is also an example of an INVITE that has the
>>>>> right
>>>>> Record-Route headers in the tutorial.
>>>>>
>>>>> You can choose to use the FQDN for the Record-Route header facing
>>>>> MS
>>>>> and the IP for the Record-Route header facing the carrier or use
>>>>> the
>>>>> FQDN for both Record-Route headers (just like in the
>>>>> tutorialexample).
>>>>> Alternatively, one can try to advertise the FQDN in the listen
>>>>> directive in the config and then the Record-Route headers should be
>>>>> populated automatically.
>>>>>
>>>>> Regards,
>>>>> Ovidiu Sas
>>>>>
>>>>> On Thu, Apr 16, 2020 at 10:50 AM sip user
<sipuser404(a)gmail.com>
>>>>> wrote:
>>>>> >
>>>>> > Hi Nasida.. Thanks for answerd to me...
>>>>> >
>>>>> > I've activarted the debugger module, and I see the same:
>>>>> >
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection:
>>>>> 52.114.7.24
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port
4160, type 3
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes:
>>>>> 171:1857:1187, 30
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [io_wait.h:388]: io_watch_add(): DBG:
io_watch_add(0xa1f240, 23, 2,
>>>>> 0x7f90f2438f80), fd_no=17
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del
(0xa1f240, 23,
>>>>> -1, 0x0) fd_no=18 called
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG:
sending to child,
>>>>> events 1
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1
10(23159) for
>>>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1507]: handle_io(): received n=8
con=0x7f90f2438f80, fd=9
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
>>>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain
TLSs<default>
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
>>>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send:
sending...
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after
real write: c=
>>>>> 0x7f90f2438f80 n=1468 fd=9
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
>>>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [io_wait.h:388]: io_watch_add(): DBG:
io_watch_add(0x9c1700, 9, 2,
>>>>> 0x7f90f2438f80), fd_no=1
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on
0x7f90f2438f80, FD 9
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del
(0x9c1700, 9, -1,
>>>>> 0x10) fd_no=2 called
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con
0x7f90f2438f80,
>>>>> state -1, fd=9, id=30
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data
0x7f90f2432b40
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child:
reader
>>>>> response= 7f90f2438f80, -1 from 1
>>>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
>>>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection
0x7f90f2432b40
>>>>> >
>>>>> > I don't see any different.
>>>>> >
>>>>> > I know that the module is loaded because I see:
>>>>> >
>>>>> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
>>>>> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
>>>>> >
>>>>> > When I restart kamailio, but when I "launch" a call
from Teams
>>>>> to my Kamailio I only see that.
>>>>> >
>>>>> > To configure it, I follow
https://skalatan.de/en/blog/
>>>>> kamailio-sbc-teams.. But I cannot make it works..
>>>>> >
>>>>> > Any more thing that i can test or do??
>>>>> >
>>>>> > Thanks
>>>>> >
>>>>> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy
(<nasida(a)live.ru>)
>>>>> escribió:
>>>>> >>
>>>>> >> Wow, so many people want to configure kamailio with MS.
First
>>>>> of all i think you need to get sip debug between kamailio and MS.
Kamilio
>>>>> has module to save sip traces. This way you will get sip debug
decrypted.
>>>>> >>
>>>>> >>
>>>>> >> ________________________________
>>>>> >> От: sr-users <sr-users-bounces(a)lists.kamailio.org> от
имени
>>>>> sip user <sipuser404(a)gmail.com>
>>>>> >> Отправлено: 16 апреля 2020 г. 10:19
>>>>> >> Кому: sr-users(a)lists.kamailio.org
<sr-users(a)lists.kamailio.org>
>>>>> >> Тема: [SR-Users] Kamailio like SBC with Teams
>>>>> >>
>>>>> >> Hello good morning ... I am new to this list and I was
starting
>>>>> to mess with Kamailio, mainly to set it up as SBC against Teams, in
this
>>>>> case.
>>>>> >>
>>>>> >> But I can't get it to work for me. If I launch a call
from the
>>>>> Teams, in the Kamailio I see:
>>>>> >>
>>>>> >> 1.- In syslog:
>>>>> >>
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection:
>>>>> 52.114.7.24
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port
4160, type 3
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes:
>>>>> 171:1857:1187, 30
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [io_wait.h:388]: io_watch_add(): DBG:
io_watch_add(0xa1f240, 23, 2,
>>>>> 0x7f90f2438f80), fd_no=17
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del
(0xa1f240, 23,
>>>>> -1, 0x0) fd_no=18 called
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG:
sending to child,
>>>>> events 1
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1
10(23159) for
>>>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1507]: handle_io(): received n=8
con=0x7f90f2438f80, fd=9
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
tls
>>>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain
TLSs<default>
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
tls
>>>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send:
sending...
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after
real write: c=
>>>>> 0x7f90f2438f80 n=1468 fd=9
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
>>>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [io_wait.h:388]: io_watch_add(): DBG:
io_watch_add(0x9c1700, 9, 2,
>>>>> 0x7f90f2438f80), fd_no=1
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on
0x7f90f2438f80, FD 9
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del
(0x9c1700, 9, -1,
>>>>> 0x10) fd_no=2 called
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con
0x7f90f2438f80,
>>>>> state -1, fd=9, id=30
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG:
>>>>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data
0x7f90f2432b40
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG:
>>>>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child:
reader
>>>>> response= 7f90f2438f80, -1 from 1
>>>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG:
tls
>>>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection
0x7f90f2432b40
>>>>> >>
>>>>> >> 2.- With TCPDUMP:
>>>>> >>
>>>>> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls:
Flags
>>>>> [S], seq 261244614, win 64240, options [mss 1440,nop,wscale
>>>>> 8,nop,nop,sackOK], length 0
>>>>> >> 11:13:09.311898 IP SBC_IP .eu.sip-tls >
52.114.76.76.1024:
>>>>> Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss
>>>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0
>>>>> >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP
.eu.sip-tls:
>>>>> Flags [.], ack 1, win 2053, length 0
>>>>> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP
.eu.sip-tls:
>>>>> Flags [P.], seq 1:187, ack 1, win 2053, length 186
>>>>> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls >
52.114.76.76.1024:
>>>>> Flags [.], ack 187, win 237, length 0
>>>>> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls >
52.114.76.76.1024:
>>>>> Flags [P.], seq 1:1469, ack 187, win 237, length 1468
>>>>> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP
.eu.sip-tls:
>>>>> Flags [.], ack 1469, win 2053, length 0
>>>>> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls:
Flags
>>>>> [S], seq 309084204, win 64240, options [mss 1440,nop,wscale
>>>>> 8,nop,nop,sackOK], length 0
>>>>> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216:
Flags
>>>>> [S.], seq 3275066862, ack 309084205, win 29200, options [mss
>>>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0
>>>>> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls:
Flags
>>>>> [.], ack 1, win 2053, length 0
>>>>> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls:
Flags
>>>>> [P.], seq 1:187, ack 1, win 2053, length 186
>>>>> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216:
Flags
>>>>> [.], ack 187, win 237, length 0
>>>>> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216:
Flags
>>>>> [P.], seq 1:1469, ack 187, win 237, length 1468
>>>>> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls:
Flags
>>>>> [.], ack 1469, win 2053, length 0
>>>>> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls:
Flags
>>>>> [F.], seq 187, ack 1469, win 2053, length 0
>>>>> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216:
Flags
>>>>> [F.], seq 1469, ack 188, win 237, length 0
>>>>> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls:
Flags
>>>>> [.], ack 1470, win 2053, length 0
>>>>> >>
>>>>> >> I can't "receive" anything.
>>>>> >>
>>>>> >> I have generated the certificates and configured in the
tls.cfg
>>>>> of the Kamailio:
>>>>> >>
>>>>> >> [server:default]
>>>>> >> method = TLSv1.2
>>>>> >> verify_certificate = no
>>>>> >> require_certificate = no
>>>>> >> private_key = /etc/letsencrypt/ssl/cert.key
>>>>> >> certificate = /etc/letsencrypt/ssl/cert.crt
>>>>> >> ca_list = /etc/letsencrypt/ssl/ca.crt
>>>>> >>
>>>>> >> Within Kamailio itself I have it configured to return a 200
>>>>> KeepAlive to Teams when it receives an OPTIONS:
>>>>> >>
>>>>> >> event_route[tm:local-request] {
>>>>> >>
>>>>> >> if(is_method("OPTIONS") && $ru =~
"
>>>>> pstnhub.microsoft.com") {
>>>>> >> append_hf("Contact: <sip: SBC_DNS
>>>>> :5061;transport=tls>\r\n");
>>>>> >> }
>>>>> >> xlog("L_INFO", "Sent out tm request:
$mb\n");
>>>>> >> }
>>>>> >>
>>>>> >> And I have measured the record_route for this new one:
>>>>> >>
>>>>> >> record_route_preset(" SBC_DNS
:5061;transport=tls", " SBC_IP
>>>>> :5061");
>>>>> >>
>>>>> >> I have created a dispatcher.list:
>>>>> >>
>>>>> >> # setid(integer) destination(sip uri) flags (integer,
>>>>> optional), priority(int,opt), attrs (str,optional)
>>>>> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>>>>> socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS
>>>>> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2
>>>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
>>>>> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1
>>>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
>>>>> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1
>>>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
>>>>> >>
>>>>> >> I think that one of the problems is that I do not send the
>>>>> OPTIONS to the Teams well, since it is on their panel, it indicates
that
>>>>> the SBC is INACTIVE.
>>>>> >>
>>>>> >> I don't know if you could help me straighten this out a
bit ...
>>>>> >>
>>>>> >> Thank you so much for everything..
>>>>> >>
>>>>> >> a greeting
>>>>> >> _______________________________________________
>>>>> >> Kamailio (SER) - Users Mailing List
>>>>> >> sr-users(a)lists.kamailio.org
>>>>> >>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>> >
>>>>> > _______________________________________________
>>>>> > Kamailio (SER) - Users Mailing List
>>>>> > sr-users(a)lists.kamailio.org
>>>>> >
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> VoIP Embedded, Inc.
>>>>>
http://www.voipembedded.com
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users(a)lists.kamailio.org
>>>>>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users(a)lists.kamailio.org
>>>>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users(a)lists.kamailio.org
>>>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users(a)lists.kamailio.org
>>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org
>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org