1. You're not paying attention. Previously, I asked if there's
*force_rport()* in your kam config. Looks like you do. Remove it from the
REQINIT route.
-- Removed and restarted Kamailio to test with this setting, no impact
2. Are you sure Kamailio can read the cert and key files from
*/etc/letsencrypt/live/abcsbc.com/*? By default,
those files may not be readable by kamailio, depending on whether you run it under
root or kamailio user. Change the folder permissions or better yet copy the
cert and key to some /tmp/ folder and adjust config for testing
purposes.
-- Yes, it's reading the certificates because otherwise it gives the permissions error
at Kamailio start and won't listen on tls port.
tls: 172.31.19.8:5061 advertise abcsbc.com:5061
3. You don't need *[server:172.31.19.8:5061]
& [client:172.31.19.8:5061]* definitions in
tls.cfg, default will suffice.
-- I already tested this with default, but because it's on AWS it looks for tls and
sni back at the local ip at the socket, and when we don't define it, it will give the
following error, for which I already opened the case and fixed it with these settings, and now
the tls handshake is successful.
Error: Dec 12 19:32:55 abcsbc.com /usr/sbin/kamailio[23865]: ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (sni: unknown)
4. To avoid all this back and forth, enable debugging
<https://kamailio.org/docs/modules/devel/modules/debugger.html> in Kamailio
and see if there are any errors like Kam not being able to load certs and
priv keys etc.
-- I have enabled the debugging logs with the following configs and after the restart
kamailio.log is in the pastebin link.
####### Global Parameters #########
/* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
#debug=DBGLEVEL
debug=3
/* set to 'yes' to print log messages to terminal or use '-E' cli option
*/
log_stderror=no
memdbg=5
memlog=5
log_facility=LOG_LOCAL0
log_prefix="{$mt $hdr(CSeq) $ci} "
https://pastebin.com/t9Kjmh1J
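
The readability question raised in point 2 can be checked mechanically. The following is an added example, not part of the original thread: it walks every component on the way to a cert or key file, both as written and after symlink resolution, and lists each one a given uid/gid cannot pass. The function names, the demo tree and the uid/gid values are assumptions made for illustration.

```python
import os
import stat
import tempfile

def blockers(path, uid, gids):
    """Return [(component, problem)] for each component of path that uid/gids
    cannot pass, judged by mode bits only (ACLs and capabilities are ignored)."""
    if uid == 0:
        return []  # root is not restricted by mode bits
    found = {}
    # Walk the path as written, then its symlink-resolved form.
    for full in (os.path.abspath(path), os.path.realpath(path)):
        parts = full.strip(os.sep).split(os.sep)
        current = os.sep
        for i, part in enumerate(parts):
            current = os.path.join(current, part)
            st = os.stat(current)  # follows symlinks, like open() would
            last = i == len(parts) - 1
            # Directories need search (x); the file itself needs read (r).
            need = stat.S_IROTH if last else stat.S_IXOTH
            if st.st_uid == uid:
                need <<= 6  # owner bits apply
            elif st.st_gid in gids:
                need <<= 3  # group bits apply
            if not st.st_mode & need:
                found[current] = "not readable" if last else "no search (x) permission"
    return list(found.items())

def demo():
    """Constructed tree mimicking a live/ -> archive/ symlink layout."""
    root = os.path.realpath(tempfile.mkdtemp())
    archive, live = os.path.join(root, "archive"), os.path.join(root, "live")
    os.mkdir(archive)
    os.mkdir(live)
    key = os.path.join(archive, "privkey1.pem")
    open(key, "w").close()
    os.chmod(key, 0o600)
    os.chmod(archive, 0o700)
    link = os.path.join(live, "privkey.pem")
    os.symlink(key, link)
    # Hypothetical service account: a uid/gid that owns nothing in the tree.
    return blockers(link, os.getuid() + 4242, {os.getgid() + 4242})

if __name__ == "__main__":
    for component, problem in demo():
        print(f"{component}: {problem}")
```

For a real service account, the uid and group set can be taken from `pwd.getpwnam()` and `os.getgrouplist()`.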