Dear all,
First I would like to say thanks to everybody in this forum. Thank you very much. All, I am sorry for my message again. Sorry for the long message. I am in a rush and panic. I have read the instructions in tls.htm about TLS configuration many times. But, until now, I cannot build it. Maybe because of my lack of understanding and skill.
When I run "netstat -anp|grep 5061", I got this output message :
[root@localhost root]# netstat -anp|grep 5061
tcp 0 0 202.95.149.251:5061 0.0.0.0:* LISTEN 5099/openser
[root@localhost root]# netstat -anp|grep 5060
tcp 0 0 202.95.149.251:5060 0.0.0.0:* LISTEN 5099/openser
udp 0 0 202.95.149.251:5060 0.0.0.0:* 5099/openser
From the output, I can see that the port 5061 (for TLS) can be loaded. But, why when I run "ngrep -d any...", there is no port 5061? Here is the output
U 202.95.149.3:5060 -> 202.95.149.251:5060
  ..
####
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
  POST / HTTP/1.1..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
  Content-Length: 220..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
  Content-Type: application/ipp..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
  Host: localhost..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
  ..
##
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
  ........
##
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
  HTTP/1.1 200 OK..
#
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
  Date: Fri, 22 Sep 2006 08:10:21 GMT..
##
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
  Server: CUPS/1.1..Connection: Keep-Alive..Keep-Alive: timeout=60..Content-Language: C..Content-Type: application/ipp; ch
  arset=iso-8859-1..Content-Length: 81.............G..attributes-charset..utf-8H..attributes-natural-language..en-us.utf-8
  .

What should I do? Please help me.. Please give me a suggestion.
These are the tasks that I have done before:

1. I have added in DNS Records:

pcr.ac.id IN NAPTR 50 50 "s" "SIPS+D2T" "" _sips._tcp.pcr.ac.id.
pcr.ac.id IN NAPTR 60 40 "s" "SIP+D2T" "" _sip._tcp.pcr.ac.id.
pcr.ac.id IN NAPTR 60 60 "s" "SIP+D2U" "" _sip._udp.pcr.ac.id

2. Here is my openser.cfg configuration:

debug=9
fork=no
log_stderror=yes
listen=202.95.149.251 # put your openserver IP address here
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/openser_fifo"
fifo_db_url="mysql://openser:openserrw@localhost/openser"
fifo_mode=0666
alias="pcr.ac.id"
tls_port_no=5061

# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:202.95.149.251:5061
#listen = udp:202.95.149.251:5060
tls_verify_client = on
tls_require_client_certificate = on
tls_verify_server=on
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"

loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/nathelper.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/uri_db.so"
loadmodule "/usr/local/lib/openser/modules/uri.so"
loadmodule "/usr/local/lib/openser/modules/avpops.so"
loadmodule "/usr/local/lib/openser/modules/domain.so"
loadmodule "/usr/local/lib/openser/modules/permissions.so"

modparam("auth_db|permissions|uri_db|usrloc","db_url", "mysql://openser:openserrw@localhost/openser")
modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("usrloc", "db_mode", 2)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
modparam("tm", "fr_inv_timer", 27)
modparam("tm", "fr_inv_timer_avp", "s:inv_timeout")
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
route {
    # -----------------------------------------------------------------
    # Sanity Check Section
    # -----------------------------------------------------------------
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483", "Too Many Hops");
        return;
    };
    if (msg:len > max_len) {
        sl_send_reply("513", "Message Overflow");
        return;
    };

    # -----------------------------------------------------------------
    # Record Route Section
    # -----------------------------------------------------------------
    if (method!="REGISTER") {
        record_route();
    };
    if (method=="BYE" || method=="CANCEL") {
        unforce_rtp_proxy();
    }

    # -----------------------------------------------------------------
    # Loose Route Section
    # -----------------------------------------------------------------
    if (loose_route()) {
        if (has_totag() && (method=="INVITE" || method=="ACK")) {
            if (nat_uac_test("19")) {
                setflag(6);
                force_rport();
                fix_nated_contact();
            };
            force_rtp_proxy("l");
        };
        route(1);
        return;
    };

    # -----------------------------------------------------------------
    # Call Type Processing Section
    # -----------------------------------------------------------------
    if (uri!=myself) {
        route(5);
        route(1);
        return;
    };
    if (uri==myself) {
        if (method=="ACK") {
            route(6);
            return;
        } else if (method=="CANCEL") {
            route(3);
            return;
        } else if (method=="INVITE") {
            route(3);
            return;
        } else if (method=="REGISTER") {
            route(2);
            return;
        };
        lookup("aliases");
        if (uri!=myself) {
            route(5);
            route(1);
            return;
        };
        if (!lookup("location")) {
            sl_send_reply("404", "Uopenser Not Found");
            return;
        };
    };
    route(1);
}

route[1] {
    # -----------------------------------------------------------------
    # Default Message Handler
    # -----------------------------------------------------------------
    t_on_reply("1");
    if (!t_relay()) {
        if (method=="INVITE" && isflagset(6)) {
            unforce_rtp_proxy();
        };
        sl_reply_error();
    };
}

route[2] {
    # -----------------------------------------------------------------
    # REGISTER Message Handler
    # ----------------------------------------------------------------
    sl_send_reply("100", "Trying");
    if (!search("^Contact:\ +*") && nat_uac_test("19")) {
        setflag(6);
        fix_nated_register();
        force_rport();
    };
    if (!www_authorize("pcr.ac.id","subscriber")) {
        www_challenge("pcr.ac.id","0");
        return;
    };
    if (!check_to()) {
        sl_send_reply("401", "Unauthorized");
        return;
    };
    consume_credentials();
    if (!save("location")) {
        sl_reply_error();
    };
}

route[3] {
    # -----------------------------------------------------------------
    # CANCEL and INVITE Message Handler
    # -----------------------------------------------------------------
    if (nat_uac_test("19")) {
        setflag(6);
    }
    #if (!allow_trusted() && nat_uac_test("19")) {
    #    setflag(6);
    #}
    lookup("aliases");
    if (method=="INVITE" && !allow_trusted()) {
        if (!proxy_authorize("pcr.ac.id","subscriber")) {
            proxy_challenge("pcr.ac.id","0");
            return;
        } else if (!check_from()) {
            sl_send_reply("403", "Use From=ID");
            return;
        };
        consume_credentials();
    };
    if (uri=~"^sip:9[0-9]*@") {
        route(4);
        return;
    };
    if (uri!=myself) {
        route(5);
        route(1);
        return;
    };
    if (!lookup("location")) {
        if (uri=~"^sip:[0-9]{10}@") {
            route(4);
            return;
        };
        sl_send_reply("404", "Uopenser Not Found");
        return;
    };
    if (method=="CANCEL") {
        route(1);
        return;
    }
    if (isflagset(6)) {
        force_rport();
        fix_nated_contact();
        force_rtp_proxy();
    };
    t_on_reply("1");
    if (!t_relay()) {
        if(isflagset(6)) {
            unforce_rtp_proxy();
        }
        sl_reply_error();
    };
}

route[4] {
    # -----------------------------------------------------------------
    # PSTN Handler
    # -----------------------------------------------------------------
    rewritehostport("202.95.149.254:5060"); # INOPENSERT YOUR PSTN GATEWAY IP ADDRESS
    # avp_write("i:45", "inv_timeout");
    #if (!allow_trusted() && isflagset(6)) {
    if (isflagset(6)) {
        force_rport();
        fix_nated_contact();
        force_rtp_proxy();
    };
    route(1);
}

onreply_route[1] {
    if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
        if (!search("^Content-Length:\ +0")) {
            force_rtp_proxy();
        };
    };
    if (nat_uac_test("1")) {
        fix_nated_contact();
    };
}
What should I add in openser.cfg? Please help.. Please..

Thank you very much,
Regards,
Ferianto
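Cross-checking the two outputs quoted in the post, as an added example that is not part of the original message: netstat lists the sockets OpenSER has bound, while ngrep prints only packets that actually crossed an interface. The sample strings are the post's own output lines with the payload omitted; the function names are illustrative.

```python
import re

# Lines copied from the post (netstat -anp, then ngrep packet headers only).
NETSTAT = """\
tcp 0 0 202.95.149.251:5061 0.0.0.0:* LISTEN 5099/openser
tcp 0 0 202.95.149.251:5060 0.0.0.0:* LISTEN 5099/openser
udp 0 0 202.95.149.251:5060 0.0.0.0:* 5099/openser
"""
NGREP = """\
U 202.95.149.3:5060 -> 202.95.149.251:5060
T 127.0.0.1:32804 -> 127.0.0.1:631 [AP]
T 127.0.0.1:631 -> 127.0.0.1:32804 [AP]
"""
NGREP_HDR = re.compile(r"([UT]) (\S+):(\d+) -> (\S+):(\d+)")

def bound_sockets(netstat_text, program="openser"):
    """Return {(proto, ip, port)} for sockets bound by `program`."""
    socks = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp"):
            continue
        if not f[-1].endswith("/" + program):
            continue
        if f[0] == "tcp" and "LISTEN" not in f:
            continue  # an established connection, not a listener
        ip, _, port = f[3].rpartition(":")
        socks.add((f[0], ip, int(port)))
    return socks

def seen_endpoints(ngrep_text):
    """Return {(proto, ip, port)} for both ends of every captured packet."""
    seen = set()
    for line in ngrep_text.splitlines():
        m = NGREP_HDR.match(line.lstrip("# "))  # tolerate ngrep's '#' marks
        if not m:
            continue  # payload line
        proto = "udp" if m.group(1) == "U" else "tcp"
        seen.add((proto, m.group(2), int(m.group(3))))
        seen.add((proto, m.group(4), int(m.group(5))))
    return seen

def silent_listeners(netstat_text, ngrep_text):
    """Bound sockets that never appear in the capture, sorted."""
    return sorted(bound_sockets(netstat_text) - seen_endpoints(ngrep_text))

if __name__ == "__main__":
    for proto, ip, port in silent_listeners(NETSTAT, NGREP):
        print(f"{proto} {ip}:{port} is bound but saw no packets in the capture")
```

On the post's data this reports both TCP listeners (5060 and 5061): the only SIP packet in the capture arrived over UDP 5060.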