Hi,
I have successfully configured Kamailio for WSS support using the below instructions. Everything works perfectly except, when call is hanged up from the receiving end, Kamailio sends BYE and the browser disconnects websocket connection right after getting response from Kamailio with the following error message:
Firefox: WebSocket connection to 'ws://localhost:3001/websocket' failed: Invalid frame headerChrome: The connection to ws://localhost:3001/websocket was interrupted while the page was loading. Everything works perfectly over plain websocket(WS). Kamailio is sending something with the websocket that the browsers do not like. But im not sure what it is. If somebody faced same issue before or can give any clue that would be really helpful.
Thanks in advanced!
Date: Fri, 17 Oct 2014 18:33:17 -0700 From: gascagonzalo@gmail.com To: sr-users@lists.sip-router.org CC: ben@langfeld.me Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
Hi Ben, In regards your certificates, please double check the following:a) CN field:In your webrtc client check the URL used for wss. and verify it matches the CN field of the certificate installed in kamailio:Example:In my sipml5 client I configured wss://ramenlabs.io:5063 and my certificate in fact contains in the cn field ramenlabs.io
Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text b) I have successfully configured Kamailio 4.1 with TLS and WSS using TLS port 5063Topology:1) sipml5 --wss--> ngnix -wss-> kamailio (sip registrar)2) sipml5 --wss---> kamailio Relevant configurations:kamailio.cfgtls.cfgcertificates Kamailio:
loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/
Listening on
udp: 172.31.27.85:5060
tcp: 172.31.27.85:5060
tcp: 172.31.27.85:5062
tls: 172.31.27.85:5061
tls: 172.31.27.85:5063
Aliases:
tls: ip-172-31-27-85.us-west-2.compute.internal:5063
tls: ip-172-31-27-85.us-west-2.compute.internal:5061
tcp: ip-172-31-27-85.us-west-2.compute.internal:5062
tcp: ip-172-31-27-85.us-west-2.compute.internal:5060
udp: ip-172-31-27-85.us-west-2.compute.internal:5060
*: ramenlabs.io:*
*: 172.31.27.85:*
kamailio.cfgtls.cfg https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg
openssl s_client -connect 172.31.27.85:5063 where this i my internal IP address I get presented the certificates. HTH -G On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan dodul@live.com wrote:
ok. I have made some changes. rather than getting the TLS configaration from a file I added this lines: #!ifdef WITH_TLS# ----- tls params ----- modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem") now, Im getting different logs which looks good. Getting positive results from openssl test, openssl s_client -connect 192.168.146.133:5061 -tls1CONNECTED(00000003)^C But when I try to connect using my webRTC client or even from web-browsers im getting timed out. I think im close .. please help me fixing this issue. Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>: verify_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client certificate required and no checks performedOct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>: verify_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY present invalid certificateOct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)