Dear Greger,

Thank you very much for reply my message. Thank you.

I am sorry for this problem. I am sorry, maybe because this is my last project, I am too panic to finish it. I must finish it untill this month in order I can graduate from my college.No body in my college understand about this system. Please forgive me... But, If I can tell you ( I am sorry), in this forum I can get many informations. Although this forum for seruser, but many of the member of this forum ever tried to build openser. aren`t they? :) And in this forum, I have got the many reply message about my problem to finish my paper although most of them seruser. So, for my mistake, please forgive me..because I am alone in this final project. Please allow me to use this forum ...Please...

Please forgive..

Thank you :) and thank you very much for all the member of this forum.. Thank you..

Regards,

Ferianto

"Greger V. Teigre" greger@teigre.com wrote: Ferianto. DO NOT CROSS-POST!!! If you ask a openser question, ask it on the openser list, not on the serusers list. The TLS implementations are very different and that is starting to hold for many other things as well. g-(

Ferianto siregar wrote: Dear all,

Thank you very much for time to read my problem. Thank you very much... All, I have built openser server and I can build it successfully. It means that the client can make call each other. The openser server that I build is support TLS (in openser.cfg, I enable the TLS support). But, I need help for testing my TLS in voip communication. I have type command : # openser -V , and I can see that the TLS is used.

But,How can I test the openser that supported TLS? because in my mind, for testing the TLS, I must have a software that supported TLS. So, if the client can communicate each other by using the software phone that supported TLS, it means that the TLS have run successfully (because TLS use port 5061 ). Is this opinion correct?

Or can anybody give a suggestion how to test my openser TLS? if I have to use software phone that supported TLS.Please tell me..Pelase..

Thank you very much for your help. Thank you

Regards,

Ferianto

--------------------------------- Stay in the know. Pulse on the new Yahoo.com. Check it out.

--------------------------------- _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

--------------------------------- How low will we go? Check out Yahoo! Messenger’s low PC-to-Phone call rates.

Hi!

1. start openser on both servers

2. make sure openser is running (both servers) # ps -Alf|grep openser

3. make sure openser is listening on port 5061 (both servers) # netstat -anp|grep 5061

4. configure the opensers to call each other via TLS e.g. configure 2 SIP clients. One registers at proxy A while the other registers at proxy B. Lets assume the Client A uses username a (sip:a@ip.address.of.proxyA) and client B uses username b (sip:b@ip.address.of.proxyB).

Now configure proxy A to route calls to B via TLS.

if (uri =~ "b@") { # write new destination into an AVP avp_printf("$avp(s:new_uri)","sip:b@ip.address.of.proxyB;transport=tls") # push new uri into reuqest URI avp_pushto("$ru","$avp(s:new_uri)"); t_relay(); }

5. call from a to b

6. use ssldump to watch TLS call setups

regards klaus

Ferianto siregar wrote:

Dear Klaus,

Thank you very much for your help and reply my message. Thank you very much. I am very happy to read the reply from you.

Klaus, maybe I am too stupid, may I ask you question anymore? Please... may I ask you about TLS again? Because I am not sure that the configuration that I have made before, is good. Can I ask you?

1. Here is :

In my openser.cfg, for support TLS, I just uncomment the TLS support (the certificate). Here is the part of my openser.cfg :

# uncomment the following lines for TLS support disable_tls = 0 listen = tls:202.95.149.251:5061 tls_verify_client = on tls_require_client_certificate = on tls_verify_server=on tls_method = TLSv1 tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" tls_private_may I ask you about TLS again?

Is this way correct? or there is another configuration that I must make or I have added in openser.cfg, in order the TLS can run successfully? 2 . You said that I can test it by using 2 openser server. I have built it. One using Fedora core 4 and the othe using Redhat 9. But I am confused, how to connect this two openser server? What I have added in openser.cfg in order both of the server can be used to communicate and test TLS ? Would you mind tell me Klaus? Please give me a suggestion..Please

Thank you very much, Thank you Regards,

Ferianto

*/Klaus Darilion klaus.mailinglists@pernau.at/* wrote:

Ferianto siregar wrote:
 > Dear all,
 >
 > Thank you very much for time to read my problem. Thank you very
much...
 > All, I have built openser server and I can build it successfully. It
 > means that the client can make call each other.
 > The openser server that I build is support TLS (in openser.cfg, I
enable
 > the TLS support).
 > But, I need help for testing my TLS in voip communication.
 > I have type command : # openser -V , and I can see that the TLS
is used.
 >
 > But,How can I test the openser that supported TLS? because in my
 > mind, for testing the TLS, I must have a software that supported
TLS.

xlite supports TLS, also minisip

you can also use 2 openser's to talk TLS between the 2 openser's

 > So, if the client can communicate each other by using the
software phone
 > that supported TLS, it means that the TLS have run successfully
(because
 > TLS use port 5061 ).
 > Is this opinion correct?

yes. but make sure the connection is really routed via port 5061/TLS.

Good tools for debugging:

1. ssldump
2. ngrep (check the ports which are used)
3. you can configure openser TLS to use NULL cipher. This way it is TLS
but not encrypted and you can use a packet sniffer to watch the
signaling.

regards
klaus

 >
 > Or can anybody give a suggestion how to test my openser TLS? if I
have
 > to use software phone that supported TLS.Please tell me..Pelase..
 >
 > Thank you very much for your help.
 > Thank you
 >
 > Regards,
 >
 >
 > Ferianto
 >
 >
 >
------------------------------------------------------------------------
 > Stay in the know. Pulse on the new Yahoo.com. Check it out.
 >
 >
 >
 >
------------------------------------------------------------------------
 >
 > _______________________________________________
 > Serusers mailing list
 > Serusers@lists.iptel.org
 > http://lists.iptel.org/mailman/listinfo/serusers

---

Get your email and more, right on the new Yahoo.com http://us.rd.yahoo.com/evt=42973/*http://www.yahoo.com/preview