I searched for this function, but I didn't find it :-( Does anyone know the correct code, not only pseudo-code?
Torsten
-----Original Message-----
From: Cesc [mailto:cesc.santa@gmail.com]
Sent: Tuesday, April 11, 2006 14:03
To: Haupt, Thorsten
Cc: users@openser.org
Subject: Re: [Users] Allow only TLS connections

I think in openser there is a function to check what transport the message came in ... you can do something like:

    if ( transport != TLS ) {
        send error to UA
        break;
    }
Cesc
On 4/11/06, Thorsten.Haupt@t-systems.com wrote:
Hello,
I use OpenSER in a testing environment for VoIP security. My clients connect via TLS. If I deactivate UDP/5060 on the server, it doesn't work correctly. Some clients can't connect and others can't establish calls. I read in another thread that UDP is mandatory for SIP and that the server needs it.
But how can I prevent users from connecting via UDP and force them to use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But is this the correct way? Are there any parameters server-side to force users to connect via TLS?
Thanks for response.
Torsten

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
it must be proto!=TLS. please see: http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook#proto
Cheers, Daniel
Hi Torsten,
guess is : if (proto!=TLS) { }
see: http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook#proto
regards, bogdan
http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6...
Hi,
I tried that out. I check if proto is TLS:

    if (proto != TLS) {
        sl_send_reply("403", "Forbidden");
        exit;
    };

But I get this error:

    3(28893) ERROR:tm:add_uac: can't fwd to af 2, proto 1 (no corresponding listening socket)
    3(28893) ERROR:tm:t_forward_nonack: failure to add branches
    3(28893) ERROR:tm:t_relay_to: t_forward_nonack returned error

What does it mean? What am I doing wrong? My SER is only listening on TLS port 5061. Do I still have to open UDP 5060?
chris...
Hello,
On 04/13/06 11:52, Christoph Fürstaller wrote:
> Hi,
>
> I tried that out. I check if proto is TLS:
>
>     if (proto != TLS) {
>         sl_send_reply("403", "Forbidden");
>         exit;
>     };
>
> But I get this error:
>
>     3(28893) ERROR:tm:add_uac: can't fwd to af 2, proto 1 (no corresponding listening socket)
>     3(28893) ERROR:tm:t_forward_nonack: failure to add branches
>     3(28893) ERROR:tm:t_relay_to: t_forward_nonack returned error
>
> What does it mean? What am I doing wrong? My SER is only listening on TLS port 5061. Do I still have to open UDP 5060?
It seems that you are trying to forward on UDP. You can configure openser to listen on UDP as well, and drop messages coming in on UDP, if you want to accept only TLS (as you have in the above snippet). If all peers you connect to support TLS, then you can force sending over TLS all the time.
Cheers, Daniel
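Added example, not part of the original thread and not the project's own configuration: a minimal OpenSER script fragment that puts the advice above together, keeping a UDP listener so the proxy has a socket to forward from while rejecting every request that did not arrive over TLS. The address 192.0.2.10 and the module and certificate paths are placeholders, and the TLS core parameters assume a build with TLS support compiled in.

```cfg
# Added example: placeholder address and paths, adjust to the installation.

# Keep BOTH sockets. With only the TLS listener, relaying to a peer that
# is reached over UDP fails with "can't fwd to af 2, proto 1
# (no corresponding listening socket)", as in the log quoted above.
listen=udp:192.0.2.10:5060
listen=tls:192.0.2.10:5061

# TLS core settings (assumed: OpenSER built with TLS support).
disable_tls=0
tls_certificate="/usr/local/etc/openser/tls/server-cert.pem"   # placeholder
tls_private_key="/usr/local/etc/openser/tls/server-key.pem"    # placeholder

# sl provides sl_send_reply(), tm provides t_relay().
loadmodule "/usr/local/lib/openser/modules/sl.so"               # placeholder path
loadmodule "/usr/local/lib/openser/modules/tm.so"               # placeholder path

route {
    # Inbound policy: anything not received over TLS is refused before
    # any other processing. This is the check from the thread.
    if (proto != TLS) {
        sl_send_reply("403", "Forbidden");
        exit;
    };

    # Outbound leg: the UDP socket above is still available for
    # forwarding, so t_relay() no longer fails for UDP-only peers.
    # Forcing TLS on the outbound leg as well is a separate step that
    # this fragment does not show.
    if (!t_relay()) {
        sl_reply_error();
    };
}
```

The UDP port stays reachable with this setup, so the `proto != TLS` check at the top of the route block is the only thing enforcing the policy and must run before any other routing logic.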