29 Aug
2007
29 Aug
'07
11:23 a.m.
Hi,
Arrggghh .. that's one of my attempts to eliminate the broken "BYE"
problem... that's ngrep was captured when I set "modparam("rr",
"enable_double_rr", "0");",
I've paste another ngrep to http://pastebin.ca/674450, this time the
double RR header is enabled.
And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to decrypt
the post is "openser").
Even though double RR header is enabled, but for BYE it's still doesn't
process properly :(
For the .cfg file line #130 onward, I did tried t_relay, forward and
force_send_socket,
but none of this will do the trick (force_send_socket was complaining
TLS error due to missing certificate (?) )
Would appreciate if anyone could enlighten me why is this happen ?
Thanks,
David Loh
Klaus Darilion wrote:
But the INVITE you posted at http://pastebin.ca/673392
also has only
one Record-Route header.
regards
klaus
David Loh schrieb:
Hi,
Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK
...but when asterisk disconnected the call and send BYE back to OpenSER,
the TLS RR header wasn't present, the only 2 RR header was
"SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP
<Client_WAN_IP>" ....
I'm puzzled ... is there any command to 'fix' this?
Regards,
David Loh
Klaus Darilion wrote:
The openser proxy should add 2 record-route
header (TLS and UDP =
double record route). This is why it does not work.
regards
klaus
David Loh schrieb:
Hi All,
Greeting.
I've been struggle with OpenSER TLS implementation for more than a
week, since I've ported from UDP to TLS, everything work fine
except the "BYE" request from Asterisk (loose route), my
implementation was something like below:
[Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
My OpenSER.cfg already configured to listen on two port which is :-
"tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN (or
even voicemail) having no problem,
but when the callee disconnect the call, caller will never get hang
up :(
I've attached my ethereal trace/ngrep to pastebin,
http://pastebin.ca/673392
Wondering if anyone can help me with the broken "BYE" that returned
from Asterisk ?
Line #131, supposedly this line should have contain 2 Via header,
one was "SIP/2.0/UDP" and another "SIP/2.0/TLS",
but somehow the TLS via header was gone !! (compare to previous ACK
(Line #117) /INVITE (Line #51).
Due to the missing TLS via header, OpenSER log file was complaining
"protocol/port mis-match".
The last BYE request (Line #256) is actually firing from Client,
which contain the "TLS" via.
I've even tried "force_send_socket" to port 5061 (instead of 5060)
from loose route, but it complaining TLS certificate error,
since Asterisk doesn't support TLS natively, I've no clue why is
the ACK/INVITE/CANCEL work but not BYE.
if (loose_route) {
....
if(is_method("BYE")) { force_send_socket(IP:5061); }
}
Has any one gone through of this kinda OpenSER over TLS + Asterisk
setup,
I'm really appreciate if you can share your experience with me, or
pin point what's the mistakes I made here.
Thanks in advance.
Regards,
David Loh
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
29 Aug
29 Aug
3:42 p.m.
New subject: [OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?
Route headers are fine - the problem is the RURI of the BYE:
See the Contact header of the INVITE:
Contact: <sip:davidloh@x.x.80.178:4294;transport=TLS>
This URI must be used in the RURI of the BYE, but Asterisk uses:
BYE sip:davidloh@x.x.80.178:4294 SIP/2.0
Thus, the proxy forwards the request with UDP instead of TLS. Thus, this
is a bug in Asterisk. Try update Asterisk. Try looking at Asterisk Bug
tracker for this bug. If you are unlucky, open a bug report on the
Asterisk bug tracker (bugs.digium.com)
regards
klaus
David Loh schrieb:
Hi,
Arrggghh .. that's one of my attempts to eliminate the broken "BYE"
problem... that's ngrep was captured when I set "modparam("rr",
"enable_double_rr", "0");",
I've paste another ngrep to http://pastebin.ca/674450, this time the
double RR header is enabled.
And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to decrypt
the post is "openser").
Even though double RR header is enabled, but for BYE it's still doesn't
process properly :(
For the .cfg file line #130 onward, I did tried t_relay, forward and
force_send_socket,
but none of this will do the trick (force_send_socket was complaining
TLS error due to missing certificate (?) )
Would appreciate if anyone could enlighten me why is this happen ?
Thanks,
David Loh
Klaus Darilion wrote:
But the INVITE you posted at
http://pastebin.ca/673392 also has only
one Record-Route header.
regards
klaus
David Loh schrieb:
Hi,
Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK
...but when asterisk disconnected the call and send BYE back to OpenSER,
the TLS RR header wasn't present, the only 2 RR header was
"SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP
<Client_WAN_IP>" ....
I'm puzzled ... is there any command to 'fix' this?
Regards,
David Loh
Klaus Darilion wrote:
The openser proxy should add 2 record-route
header (TLS and UDP =
double record route). This is why it does not work.
regards
klaus
David Loh schrieb:
> Hi All,
>
> Greeting.
>
> I've been struggle with OpenSER TLS implementation for more than a
> week, since I've ported from UDP to TLS, everything work fine
> except the "BYE" request from Asterisk (loose route), my
> implementation was something like below:
>
> [Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
>
> My OpenSER.cfg already configured to listen on two port which is :-
> "tls:eth0:5061" and "udp:eth0:5060", client make p2p or PSTN (or
> even voicemail) having no problem,
> but when the callee disconnect the call, caller will never get hang
> up :(
>
> I've attached my ethereal trace/ngrep to pastebin,
> http://pastebin.ca/673392
>
> Wondering if anyone can help me with the broken "BYE" that returned
> from Asterisk ?
> Line #131, supposedly this line should have contain 2 Via header,
> one was "SIP/2.0/UDP" and another "SIP/2.0/TLS",
> but somehow the TLS via header was gone !! (compare to previous ACK
> (Line #117) /INVITE (Line #51).
> Due to the missing TLS via header, OpenSER log file was complaining
> "protocol/port mis-match".
>
> The last BYE request (Line #256) is actually firing from Client,
> which contain the "TLS" via.
>
>
> I've even tried "force_send_socket" to port 5061 (instead of 5060)
> from loose route, but it complaining TLS certificate error,
> since Asterisk doesn't support TLS natively, I've no clue why is
> the ACK/INVITE/CANCEL work but not BYE.
> if (loose_route) {
> ....
> if(is_method("BYE")) { force_send_socket(IP:5061); }
> }
>
>
> Has any one gone through of this kinda OpenSER over TLS + Asterisk
> setup,
> I'm really appreciate if you can share your experience with me, or
> pin point what's the mistakes I made here.
>
> Thanks in advance.
>
> Regards,
> David Loh
>
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
3 Sep
3 Sep
2:07 p.m.
New subject: [OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?
Hi Klaus,
So in order to make it work, the RURI of Asterisk uses should contain
"transport=TLS" right.
if the "transport=TLS" can be appended to the SIP message, the
disconnection shall be handle properly ?
Currently I'm struggling w/ subst/subst_uri ... it's seems the Regex
textops module used was slightly different from Unix,
I do "subst('/^BYE(.*)SIP\/2\.0/BYE\1;transport=TLS SIP\/2\.0/ ');" but
it doesn't work ...
I'm not sure if subst able to alter the header but if it doesn't, is
there any command that I can use to alter the BYE header ?
Thanks,
David Loh
Klaus Darilion wrote:
Route headers are fine - the problem is the RURI of
the BYE:
See the Contact header of the INVITE:
Contact: <sip:davidloh@x.x.80.178:4294;transport=TLS>
This URI must be used in the RURI of the BYE, but Asterisk uses:
BYE sip:davidloh@x.x.80.178:4294 SIP/2.0
Thus, the proxy forwards the request with UDP instead of TLS. Thus,
this is a bug in Asterisk. Try update Asterisk. Try looking at
Asterisk Bug tracker for this bug. If you are unlucky, open a bug
report on the Asterisk bug tracker (bugs.digium.com)
regards
klaus
David Loh schrieb:
Hi,
Arrggghh .. that's one of my attempts to eliminate the broken "BYE"
problem... that's ngrep was captured when I set "modparam("rr",
"enable_double_rr", "0");",
I've paste another ngrep to http://pastebin.ca/674450, this time the
double RR header is enabled.
And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to
decrypt the post is "openser").
Even though double RR header is enabled, but for BYE it's still
doesn't process properly :(
For the .cfg file line #130 onward, I did tried t_relay, forward and
force_send_socket,
but none of this will do the trick (force_send_socket was complaining
TLS error due to missing certificate (?) )
Would appreciate if anyone could enlighten me why is this happen ?
Thanks,
David Loh
Klaus Darilion wrote:
But the INVITE you posted at
http://pastebin.ca/673392 also has only
one Record-Route header.
regards
klaus
David Loh schrieb:
Hi,
Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK
...but when asterisk disconnected the call and send BYE back to
OpenSER,
the TLS RR header wasn't present, the only 2 RR header was
"SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP
<Client_WAN_IP>" ....
I'm puzzled ... is there any command to 'fix' this?
Regards,
David Loh
Klaus Darilion wrote:
> The openser proxy should add 2 record-route header (TLS and UDP =
> double record route). This is why it does not work.
>
> regards
> klaus
>
> David Loh schrieb:
>> Hi All,
>>
>> Greeting.
>>
>> I've been struggle with OpenSER TLS implementation for more than
>> a week, since I've ported from UDP to TLS, everything work fine
>> except the "BYE" request from Asterisk (loose route), my
>> implementation was something like below:
>>
>> [Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
>>
>> My OpenSER.cfg already configured to listen on two port which is
>> :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p or
PSTN
>> (or even voicemail) having no problem,
>> but when the callee disconnect the call, caller will never get
>> hang up :(
>>
>> I've attached my ethereal trace/ngrep to pastebin,
>> http://pastebin.ca/673392
>>
>> Wondering if anyone can help me with the broken "BYE" that
>> returned from Asterisk ?
>> Line #131, supposedly this line should have contain 2 Via header,
>> one was "SIP/2.0/UDP" and another "SIP/2.0/TLS",
>> but somehow the TLS via header was gone !! (compare to previous
>> ACK (Line #117) /INVITE (Line #51).
>> Due to the missing TLS via header, OpenSER log file was
>> complaining "protocol/port mis-match".
>>
>> The last BYE request (Line #256) is actually firing from Client,
>> which contain the "TLS" via.
>>
>>
>> I've even tried "force_send_socket" to port 5061 (instead of
>> 5060) from loose route, but it complaining TLS certificate error,
>> since Asterisk doesn't support TLS natively, I've no clue why is
>> the ACK/INVITE/CANCEL work but not BYE.
>> if (loose_route) {
>> ....
>> if(is_method("BYE")) { force_send_socket(IP:5061); }
>> }
>>
>>
>> Has any one gone through of this kinda OpenSER over TLS +
>> Asterisk setup,
>> I'm really appreciate if you can share your experience with me,
>> or pin point what's the mistakes I made here.
>>
>> Thanks in advance.
>>
>> Regards,
>> David Loh
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
4:05 p.m.
New subject: [OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?
David Loh schrieb:
Hi Klaus,
So in order to make it work, the RURI of Asterisk uses should contain
"transport=TLS" right.
yes
if the "transport=TLS" can be appended to
the SIP message, the
disconnection shall be handle properly ?
yes
Currently I'm struggling w/ subst/subst_uri ... it's seems the Regex
textops module used was slightly different from Unix,
I do "subst('/^BYE(.*)SIP\/2\.0/BYE\1;transport=TLS SIP\/2\.0/ ');" but
it doesn't work ...
I'm not sure if subst able to alter the header but if it doesn't, is
there any command that I can use to alter the BYE header ?
There is no need to use subst - just rewrite the request URI. E.g. in
openser 1.2 the following should work:
if (loose_route()) {
...
if (src_ip == ip.address.of.asterisk) {
$ru = $ru + ";transport=tls";
}
...
t_relay();
exit;
}
regards
klaus
Thanks,
David Loh
Klaus Darilion wrote:
Route headers are fine - the problem is the RURI
of the BYE:
See the Contact header of the INVITE:
Contact: <sip:davidloh@x.x.80.178:4294;transport=TLS>
This URI must be used in the RURI of the BYE, but Asterisk uses:
BYE sip:davidloh@x.x.80.178:4294 SIP/2.0
Thus, the proxy forwards the request with UDP instead of TLS. Thus,
this is a bug in Asterisk. Try update Asterisk. Try looking at
Asterisk Bug tracker for this bug. If you are unlucky, open a bug
report on the Asterisk bug tracker (bugs.digium.com)
regards
klaus
David Loh schrieb:
Hi,
Arrggghh .. that's one of my attempts to eliminate the broken "BYE"
problem... that's ngrep was captured when I set "modparam("rr",
"enable_double_rr", "0");",
I've paste another ngrep to http://pastebin.ca/674450, this time the
double RR header is enabled.
And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to
decrypt the post is "openser").
Even though double RR header is enabled, but for BYE it's still
doesn't process properly :(
For the .cfg file line #130 onward, I did tried t_relay, forward and
force_send_socket,
but none of this will do the trick (force_send_socket was complaining
TLS error due to missing certificate (?) )
Would appreciate if anyone could enlighten me why is this happen ?
Thanks,
David Loh
Klaus Darilion wrote:
But the INVITE you posted at
http://pastebin.ca/673392 also has only
one Record-Route header.
regards
klaus
David Loh schrieb:
> Hi,
>
> Yea, OpenSER proxy was add 2 record-route header for the INVITE/ACK
> ...but when asterisk disconnected the call and send BYE back to
> OpenSER,
> the TLS RR header wasn't present, the only 2 RR header was
> "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP
<Client_WAN_IP>" ....
> I'm puzzled ... is there any command to 'fix' this?
>
>
> Regards,
> David Loh
>
> Klaus Darilion wrote:
>> The openser proxy should add 2 record-route header (TLS and UDP =
>> double record route). This is why it does not work.
>>
>> regards
>> klaus
>>
>> David Loh schrieb:
>>> Hi All,
>>>
>>> Greeting.
>>>
>>> I've been struggle with OpenSER TLS implementation for more than
>>> a week, since I've ported from UDP to TLS, everything work fine
>>> except the "BYE" request from Asterisk (loose route), my
>>> implementation was something like below:
>>>
>>> [Client] --> [Router] --> [Internet] --> [SIP] --> [Asterisk]
>>>
>>> My OpenSER.cfg already configured to listen on two port which is
>>> :- "tls:eth0:5061" and "udp:eth0:5060", client make p2p
or PSTN
>>> (or even voicemail) having no problem,
>>> but when the callee disconnect the call, caller will never get
>>> hang up :(
>>>
>>> I've attached my ethereal trace/ngrep to pastebin,
>>> http://pastebin.ca/673392
>>>
>>> Wondering if anyone can help me with the broken "BYE" that
>>> returned from Asterisk ?
>>> Line #131, supposedly this line should have contain 2 Via header,
>>> one was "SIP/2.0/UDP" and another "SIP/2.0/TLS",
>>> but somehow the TLS via header was gone !! (compare to previous
>>> ACK (Line #117) /INVITE (Line #51).
>>> Due to the missing TLS via header, OpenSER log file was
>>> complaining "protocol/port mis-match".
>>>
>>> The last BYE request (Line #256) is actually firing from Client,
>>> which contain the "TLS" via.
>>>
>>>
>>> I've even tried "force_send_socket" to port 5061 (instead of
>>> 5060) from loose route, but it complaining TLS certificate error,
>>> since Asterisk doesn't support TLS natively, I've no clue why is
>>> the ACK/INVITE/CANCEL work but not BYE.
>>> if (loose_route) {
>>> ....
>>> if(is_method("BYE")) { force_send_socket(IP:5061); }
>>> }
>>>
>>>
>>> Has any one gone through of this kinda OpenSER over TLS +
>>> Asterisk setup,
>>> I'm really appreciate if you can share your experience with me,
>>> or pin point what's the mistakes I made here.
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>> David Loh
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users(a)openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
4:07 p.m.
New subject: [OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?
Klaus Darilion schrieb:
David Loh schrieb:
I do not know for sure, but maybe it is necessary to reset the duri (may
be set during loose_route()):
resetdsturi();
Hi Klaus,
So in order to make it work, the RURI of Asterisk uses should contain
"transport=TLS" right.
yes
if the "transport=TLS" can be appended
to the SIP message, the
disconnection shall be handle properly ?
yes
Currently I'm struggling w/ subst/subst_uri ... it's seems the Regex
textops module used was slightly different from Unix,
I do "subst('/^BYE(.*)SIP\/2\.0/BYE\1;transport=TLS SIP\/2\.0/ ');"
but it doesn't work ...
I'm not sure if subst able to alter the header but if it doesn't, is
there any command that I can use to alter the BYE header ?
There is no need to use subst - just rewrite the request URI. E.g. in
openser 1.2 the following should work:
if (loose_route()) {
...
if (src_ip == ip.address.of.asterisk) {
$ru = $ru + ";transport=tls"; }
...
t_relay();
exit;
}
regards
klaus
Thanks,
David Loh
Klaus Darilion wrote:
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users Route headers are fine - the problem is the RURI
of the BYE:
See the Contact header of the INVITE:
Contact: <sip:davidloh@x.x.80.178:4294;transport=TLS>
This URI must be used in the RURI of the BYE, but Asterisk uses:
BYE sip:davidloh@x.x.80.178:4294 SIP/2.0
Thus, the proxy forwards the request with UDP instead of TLS. Thus,
this is a bug in Asterisk. Try update Asterisk. Try looking at
Asterisk Bug tracker for this bug. If you are unlucky, open a bug
report on the Asterisk bug tracker (bugs.digium.com)
regards
klaus
David Loh schrieb:
Hi,
Arrggghh .. that's one of my attempts to eliminate the broken "BYE"
problem... that's ngrep was captured when I set "modparam("rr",
"enable_double_rr", "0");",
I've paste another ngrep to http://pastebin.ca/674450, this time the
double RR header is enabled.
And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to
decrypt the post is "openser").
Even though double RR header is enabled, but for BYE it's still
doesn't process properly :(
For the .cfg file line #130 onward, I did tried t_relay, forward and
force_send_socket,
but none of this will do the trick (force_send_socket was
complaining TLS error due to missing certificate (?) )
Would appreciate if anyone could enlighten me why is this happen ?
Thanks,
David Loh
Klaus Darilion wrote:
> But the INVITE you posted at http://pastebin.ca/673392 also has
> only one Record-Route header.
>
> regards
> klaus
>
> David Loh schrieb:
>> Hi,
>>
>> Yea, OpenSER proxy was add 2 record-route header for the
>> INVITE/ACK ...but when asterisk disconnected the call and send BYE
>> back to OpenSER,
>> the TLS RR header wasn't present, the only 2 RR header was
>> "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP
<Client_WAN_IP>" ....
>> I'm puzzled ... is there any command to 'fix' this?
>>
>>
>> Regards,
>> David Loh
>>
>> Klaus Darilion wrote:
>>> The openser proxy should add 2 record-route header (TLS and UDP =
>>> double record route). This is why it does not work.
>>>
>>> regards
>>> klaus
>>>
>>> David Loh schrieb:
>>>> Hi All,
>>>>
>>>> Greeting.
>>>>
>>>> I've been struggle with OpenSER TLS implementation for more than
>>>> a week, since I've ported from UDP to TLS, everything work fine
>>>> except the "BYE" request from Asterisk (loose route), my
>>>> implementation was something like below:
>>>>
>>>> [Client] --> [Router] --> [Internet] --> [SIP] -->
[Asterisk]
>>>>
>>>> My OpenSER.cfg already configured to listen on two port which is
>>>> :- "tls:eth0:5061" and "udp:eth0:5060", client make
p2p or PSTN
>>>> (or even voicemail) having no problem,
>>>> but when the callee disconnect the call, caller will never get
>>>> hang up :(
>>>>
>>>> I've attached my ethereal trace/ngrep to pastebin,
>>>> http://pastebin.ca/673392
>>>>
>>>> Wondering if anyone can help me with the broken "BYE" that
>>>> returned from Asterisk ?
>>>> Line #131, supposedly this line should have contain 2 Via
>>>> header, one was "SIP/2.0/UDP" and another
"SIP/2.0/TLS",
>>>> but somehow the TLS via header was gone !! (compare to previous
>>>> ACK (Line #117) /INVITE (Line #51).
>>>> Due to the missing TLS via header, OpenSER log file was
>>>> complaining "protocol/port mis-match".
>>>>
>>>> The last BYE request (Line #256) is actually firing from Client,
>>>> which contain the "TLS" via.
>>>>
>>>>
>>>> I've even tried "force_send_socket" to port 5061 (instead
of
>>>> 5060) from loose route, but it complaining TLS certificate error,
>>>> since Asterisk doesn't support TLS natively, I've no clue why is
>>>> the ACK/INVITE/CANCEL work but not BYE.
>>>> if (loose_route) {
>>>> ....
>>>> if(is_method("BYE")) { force_send_socket(IP:5061); }
>>>> }
>>>>
>>>>
>>>> Has any one gone through of this kinda OpenSER over TLS +
>>>> Asterisk setup,
>>>> I'm really appreciate if you can share your experience with me,
>>>> or pin point what's the mistakes I made here.
>>>>
>>>> Thanks in advance.
>>>>
>>>> Regards,
>>>> David Loh
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users(a)openser.org
>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>
>
5 Sep
5 Sep
10:36 a.m.
New subject: [OpenSER-Users] Broken "BYE" returned from Asterisk on TLS implementation ?
Hi Klaus,
The $ru trick works perfectly (without resetdsturi()) !
Now the disconnection (hang up) is handled properly.
Thank a million.
Regards,
David Loh
Klaus Darilion wrote:
Klaus Darilion schrieb:
David Loh schrieb:
I do not know for sure, but maybe it is necessary to reset the duri
(may be set during loose_route()):
resetdsturi();
Hi Klaus,
So in order to make it work, the RURI of Asterisk uses should
contain "transport=TLS" right.
yes
if the "transport=TLS" can be appended
to the SIP message, the
disconnection shall be handle properly ?
yes
Currently I'm struggling w/ subst/subst_uri ... it's seems the Regex
textops module used was slightly different from Unix,
I do "subst('/^BYE(.*)SIP\/2\.0/BYE\1;transport=TLS SIP\/2\.0/ ');"
but it doesn't work ...
I'm not sure if subst able to alter the header but if it doesn't, is
there any command that I can use to alter the BYE header ?
There is no need to use subst - just rewrite the request URI. E.g. in
openser 1.2 the following should work:
if (loose_route()) {
...
if (src_ip == ip.address.of.asterisk) {
$ru = $ru + ";transport=tls"; }
...
t_relay();
exit;
}
regards
klaus
Thanks,
David Loh
Klaus Darilion wrote:
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users Route headers are fine - the problem is the RURI
of the BYE:
See the Contact header of the INVITE:
Contact: <sip:davidloh@x.x.80.178:4294;transport=TLS>
This URI must be used in the RURI of the BYE, but Asterisk uses:
BYE sip:davidloh@x.x.80.178:4294 SIP/2.0
Thus, the proxy forwards the request with UDP instead of TLS. Thus,
this is a bug in Asterisk. Try update Asterisk. Try looking at
Asterisk Bug tracker for this bug. If you are unlucky, open a bug
report on the Asterisk bug tracker (bugs.digium.com)
regards
klaus
David Loh schrieb:
> Hi,
>
> Arrggghh .. that's one of my attempts to eliminate the broken
> "BYE" problem... that's ngrep was captured when I set
> "modparam("rr", "enable_double_rr", "0");",
> I've paste another ngrep to http://pastebin.ca/674450, this time
> the double RR header is enabled.
> And I've posted my .cfg to http://pastebin.ca/Nx0Ss4Fd (key to
> decrypt the post is "openser").
>
> Even though double RR header is enabled, but for BYE it's still
> doesn't process properly :(
> For the .cfg file line #130 onward, I did tried t_relay, forward
> and force_send_socket,
> but none of this will do the trick (force_send_socket was
> complaining TLS error due to missing certificate (?) )
> Would appreciate if anyone could enlighten me why is this happen ?
>
>
> Thanks,
> David Loh
>
>
>
> Klaus Darilion wrote:
>> But the INVITE you posted at http://pastebin.ca/673392 also has
>> only one Record-Route header.
>>
>> regards
>> klaus
>>
>> David Loh schrieb:
>>> Hi,
>>>
>>> Yea, OpenSER proxy was add 2 record-route header for the
>>> INVITE/ACK ...but when asterisk disconnected the call and send
>>> BYE back to OpenSER,
>>> the TLS RR header wasn't present, the only 2 RR header was
>>> "SIP/2.0/UDP <OpenSER_IP>" and "SIP/2.0/UDP
<Client_WAN_IP>" ....
>>> I'm puzzled ... is there any command to 'fix' this?
>>>
>>>
>>> Regards,
>>> David Loh
>>>
>>> Klaus Darilion wrote:
>>>> The openser proxy should add 2 record-route header (TLS and UDP
>>>> = double record route). This is why it does not work.
>>>>
>>>> regards
>>>> klaus
>>>>
>>>> David Loh schrieb:
>>>>> Hi All,
>>>>>
>>>>> Greeting.
>>>>>
>>>>> I've been struggle with OpenSER TLS implementation for more
>>>>> than a week, since I've ported from UDP to TLS, everything
>>>>> work fine except the "BYE" request from Asterisk (loose
>>>>> route), my implementation was something like below:
>>>>>
>>>>> [Client] --> [Router] --> [Internet] --> [SIP] -->
[Asterisk]
>>>>>
>>>>> My OpenSER.cfg already configured to listen on two port which
>>>>> is :- "tls:eth0:5061" and "udp:eth0:5060", client
make p2p or
>>>>> PSTN (or even voicemail) having no problem,
>>>>> but when the callee disconnect the call, caller will never get
>>>>> hang up :(
>>>>>
>>>>> I've attached my ethereal trace/ngrep to pastebin,
>>>>> http://pastebin.ca/673392
>>>>>
>>>>> Wondering if anyone can help me with the broken "BYE" that
>>>>> returned from Asterisk ?
>>>>> Line #131, supposedly this line should have contain 2 Via
>>>>> header, one was "SIP/2.0/UDP" and another
"SIP/2.0/TLS",
>>>>> but somehow the TLS via header was gone !! (compare to
>>>>> previous ACK (Line #117) /INVITE (Line #51).
>>>>> Due to the missing TLS via header, OpenSER log file was
>>>>> complaining "protocol/port mis-match".
>>>>>
>>>>> The last BYE request (Line #256) is actually firing from
>>>>> Client, which contain the "TLS" via.
>>>>>
>>>>>
>>>>> I've even tried "force_send_socket" to port 5061
(instead of
>>>>> 5060) from loose route, but it complaining TLS certificate error,
>>>>> since Asterisk doesn't support TLS natively, I've no clue why
>>>>> is the ACK/INVITE/CANCEL work but not BYE.
>>>>> if (loose_route) {
>>>>> ....
>>>>> if(is_method("BYE")) { force_send_socket(IP:5061); }
>>>>> }
>>>>>
>>>>>
>>>>> Has any one gone through of this kinda OpenSER over TLS +
>>>>> Asterisk setup,
>>>>> I'm really appreciate if you can share your experience with
>>>>> me, or pin point what's the mistakes I made here.
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> Regards,
>>>>> David Loh
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users(a)openser.org
>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>>
>>
>>
>
>
6288
days inactive
6295
days old
5 comments
2 participants
participants (2)
-
David Loh -
Klaus Darilion