I Used this tls.cfg

Use bc2025.pem as extra, Microsoft needs this…

And works fine on different Kamailio-msteams sbcs

[server:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

server_name = sbc.combivoipdom.nl

[client:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

Cheers Rob

Van: sr-users sr-users-bounces@lists.kamailio.org Namens Daniel-Constantin Mierla Verzonden: donderdag 7 januari 2021 08:53 Aan: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org; Willy Valles Rios willyvalles17@gmail.com CC: Carlos Mestanza T. mestacart@gmail.com Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio

Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS certificate is not trusted:

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl 1.1.

Cheers, Daniel

On 06.01.21 21:47, Willy Valles Rios wrote:

Hello community,

I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently have this configuration in my tls.cfg file

[server: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

[client: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

My domain was certified with ssl through an authoritative certifier (GoDaddy), however I see these errors in the / var / log / messages of the Kamailio server.

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 13107200 and 6553600 bytes

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg size: 4194304

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially 212992

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs: certificate='/etc/kamailio/certificados/certificate.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs: private_key='/etc/kamailio/certificados/private-key.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='' ...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid certificate

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc: certificate='/etc/kamailio/certificados/certificate.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc: private_key='/etc/kamailio/certificados/private-key.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid certificate

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)

Could you help me identify the problem please.

Cheers

Saludos Cordiales

Thanks Cheers Rob,

Protocol error messages are no longer displayed when adding the bc2025.pem file, but entering the command "kamcmd dispatcher.list | egrep" URI | FLAGS "shows us:

URI: sip: sip.pstnhub.microsoft.com; transport = tls FLAGS: IP URI: sip: sip2.pstnhub.microsoft.com; transport = tls FLAGS: IP URI: sip: sip3.pstnhub.microsoft.com; transport = tls FLAGS: IP

Is there something else that needs to be done?

Atentamente

*Adalberto Carlos Mestanza T.*

El jue, 7 ene 2021 a las 15:41, Carlos Mestanza T. (mestacart@gmail.com) escribió:

I am a friend of Willy and we are doing this integration, today I create wildcard certificates in letsencrypt, for this use acme.sh and integrate it with the DNS CLOUDNS provider, the certificates were generated successfully, we replace the old ones, in the LOGs it gives us understanding q accept the certificates.

[image: image.png]

[image: image.png]

But he has the same messages.

Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1)

Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.7.24 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)

Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24 Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)

Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46 Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66 Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1)

Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70 Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Atentamente

*Adalberto Carlos Mestanza T.*

El jue, 7 ene 2021 a las 8:08, rob.van.den.bulk@gmail.com escribió:

...

I Used this tls.cfg

Use bc2025.pem as extra, Microsoft needs this…

And works fine on different Kamailio-msteams sbcs

[server:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

server_name = sbc.combivoipdom.nl

[client:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

Cheers Rob

*Van:* sr-users sr-users-bounces@lists.kamailio.org *Namens *Daniel-Constantin Mierla *Verzonden:* donderdag 7 januari 2021 08:53 *Aan:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org; Willy Valles Rios willyvalles17@gmail.com *CC:* Carlos Mestanza T. mestacart@gmail.com *Onderwerp:* Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio

Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS certificate is not trusted:

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl 1.1.

Cheers, Daniel

On 06.01.21 21:47, Willy Valles Rios wrote:

Hello community,

I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently have this configuration in my tls.cfg file

[server: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

[client: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

My domain was certified with ssl through an authoritative certifier (GoDaddy), however I see these errors in the / var / log / messages of the Kamailio server.

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 13107200 and 6553600 bytes

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg size: 4194304

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially 212992

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs: certificate='/etc/kamailio/certificados/certificate.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs: private_key='/etc/kamailio/certificados/private-key.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='' ...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid certificate

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc: certificate='/etc/kamailio/certificados/certificate.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc: private_key='/etc/kamailio/certificados/private-key.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid certificate

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7f45242be028 r: 0x7f45242be150 (-1)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7f45242be028 r: 0x7f45242be150 (-1)

Could you help me identify the problem please.

Cheers

Saludos Cordiales

--

*Willy Valles Rios*

*Unified Communications Specialist*

phone: +51955747343

em@il: willyvalles17@gmail.com

---

Kamailio (SER) - Users Mailing List

sr-users@lists.kamailio.org

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--

Daniel-Constantin Mierla -- www.asipto.com

www.twitter.com/miconda -- www.linkedin.com/in/miconda

Funding: https://www.paypal.me/dcmierla

Hello Rob and Community,

After a while, I finally got the connection from my Kamailio server to MsTeams and I can validate that the connection to MsTeams is in AP.

[root @ kamailio-server kamailio] # kamcmd dispatcher.list | egrep "URI | FLAGS" URI: sip: sip.pstnhub.microsoft.com; transport = tls FLAGS: AP

However, from the admin panel of MsTeams (Direct Routing) I see that the connection to my sbc "sbc.netvoiceperu.com" is with TLS connectivity status in "Active" but the SIP options status is in "Warning".

I have made calls from MsTeams thinking that the SIP options status would change to "active" but it is still in "Warning" state. On the other hand, I have enabled a siptrace in Kamailio and verify that the SIP OPTIONS from kamailio are being sent in the following format to MsTeams.

OPTIONS sip: sip.pstnhub.microsoft.com; transport = tls SIP / 2.0 Via: SIP / 2.0 / TLS 161.35.44.66:5061;branch=z9hG4bKea07.52224687000000000000000000000000.0 To: <sip: sip.pstnhub.microsoft.com; transport = tls> From: <sip: sbc.netvoiceperu.com>; tag = d3569c818b500aeb8c373426e76c2884-81763c71 CSeq: 10 OPTIONS Call-ID: 13ea237a751e0c48-9148@161.35.44.66 Max-Forwards: 70 Content-Length: 0 User-Agent: kamailio (5.4.0 (x86_64 / linux))

As you can see, the SIP OPTIONS sent from Kamailio to MsTeams does not contain the "Contact" field, which in theory said "Contact" field should have been added by Kamailio according to the configuration added in kamailio.cfg

event_route [tm: local-request] { sip_trace (); if (is_method ("OPTIONS") && $ ru = ~ "pstnhub.microsoft.com") { append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061; transport = tls> \ r \ n"); } xlog ("L_INFO", "Sent out tm request: $ mb \ n"); }

As additional information, I inform you that I also managed to observe the SIP OPTIONS that MsTeams sends to Kamailio.

OPTIONS sip: sbc.netvoiceperu.com: 5061; transport = tls SIP / 2.0 FROM: <sip: sip-du-a-eu.pstnhub.microsoft.com: 5061>; tag = f1bdeb5f-662f-4544-a436-e9aa9ad78da4 TO: <sip: sbc.netvoiceperu.com> CSEQ: 1 OPTIONS CALL-ID: c47e2782-16c3-49cb-8931-24e9709d260a MAX-FORWARDS: 70 VIA: SIP / 2.0 / TLS 52.114.75.24:5061;branch=z9hG4bK48b0e6be CONTACT: <sip: sip-du-a-eu.pstnhub.microsoft.com: 5061> CONTENT-LENGTH: 0 USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2021.1.15.7 i.EUWE.10 ALLOW: INVITE, ACK, OPTIONS, CANCEL, BYE, NOTIFY

However I don't see the 200 OK SIP responses from Kamailio to MsTeams.

I think this may be the reason why I see the SIP OPTIONS status in "Warning" from the MsTeams panel. Maybe the contact field is not being added in the SIP OPTIONS messages that Kamailio sends to MsTeams and for that reason I don't see 200OK responses from MsTeams.

Could you help me solve this please.

Cheers

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Hello Rob and Community,

I comment that this configuration if I have it added in my kamailio.cfg in this way.

event_route[tm:local-request] {

if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:sbc.netvoiceperu.com:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }

In fact I have also followed the guide from "https://skalatan.de/en/blog/kamailio-sbc-teams", however I still can't establish the connection between MsTeams and Kamailio correctly. As I said in the previous comment, from Kamailio I see that the flag towards MsTeams is in AP. But from MsTeams I see that the "Sip Options Status" is in Warning.

Additionally, through Kamailio's sip_trace, I don't see Kamailio's SIP OPTIONS 200 OK responses to MsTeams. Could you help me by taking a look at my kamailio.cfg? Maybe there is an error in the configuration or something additional is missing to correctly complete the signaling between Kamailio and MsTeams. I attach my "kamailio.cfg".

Please your support everyone.

Cheers

kamailio.cfg http://sip-router.1086192.n5.nabble.com/file/t8092/kamailio.cfg

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

That certificate should already be present under the OS's trusted certificates directory (debian and ubuntu certs are stored under /etc/ssl/certs), maybe under a different name, and is required for remote endpoint's certificate validation. One can load a particular certificate or a list of certificates. Multiple certificates can be concatenated into one single file as stated in the documentation: https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list Hope this helps a little bit in understanding of the ca_list param.

Regards, Ovidiu Sas

On Thu, Jan 7, 2021 at 8:10 AM rob.van.den.bulk@gmail.com wrote:

I Used this tls.cfg

Use bc2025.pem as extra, Microsoft needs this…

And works fine on different Kamailio-msteams sbcs

[server:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

server_name = sbc.combivoipdom.nl

[client:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

Cheers Rob

Van: sr-users sr-users-bounces@lists.kamailio.org Namens Daniel-Constantin Mierla Verzonden: donderdag 7 januari 2021 08:53 Aan: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org; Willy Valles Rios willyvalles17@gmail.com CC: Carlos Mestanza T. mestacart@gmail.com Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio

Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS certificate is not trusted:

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl 1.1.

Cheers, Daniel

On 06.01.21 21:47, Willy Valles Rios wrote:

Hello community,

I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently have this configuration in my tls.cfg file

[server: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

[client: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

My domain was certified with ssl through an authoritative certifier (GoDaddy), however I see these errors in the / var / log / messages of the Kamailio server.

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 13107200 and 6553600 bytes

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg size: 4194304

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially 212992

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs: certificate='/etc/kamailio/certificados/certificate.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs: private_key='/etc/kamailio/certificados/private-key.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='' ...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid certificate

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc: certificate='/etc/kamailio/certificados/certificate.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc: private_key='/etc/kamailio/certificados/private-key.pem'

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid certificate

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)

Could you help me identify the problem please.

Cheers

Saludos Cordiales

--

Willy Valles Rios

Unified Communications Specialist

phone: +51955747343

em@il: willyvalles17@gmail.com

---

Kamailio (SER) - Users Mailing List

sr-users@lists.kamailio.org

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--

Daniel-Constantin Mierla -- www.asipto.com

www.twitter.com/miconda -- www.linkedin.com/in/miconda

Funding: https://www.paypal.me/dcmierla

---

Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Hello Rob and Kamailio Community,

I tell you to load the .pem certificate you attached as ca_list (in the tls.cfg file) Finally, my file was like this.

[server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem server_name = sbc.netvoiceperu.com

[client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem

After doing this I no longer got any error. Next I show the logs.

Jan 7 21:52:15 Kamailio-Server systemd: Started Kamailio (OpenSER) - the Open Source SIP Server. Jan 7 21:52:15 Kamailio-Server kamailio: INFO: tls [tls_init.c:503]: init_tls_compression(): disabling compression... Jan 7 21:52:15 Kamailio-Server kamailio: Listening on Jan 7 21:52:15 Kamailio-Server kamailio: tls: 161.35.44.66:5061 Jan 7 21:52:15 Kamailio-Server kamailio: Aliases: Jan 7 21:52:15 Kamailio-Server kamailio: tls: kamailio-server:5061 Jan 7 21:52:15 Kamailio-Server kamailio: INFO: <core> [core/tcp_main.c:4983]: init_tcp(): using epoll_lt as the io watch method (auto detected) Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support! Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: WARNING: tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 8912896 and 4456448 bytes Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 8912896 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 4456448 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core> [main.c:2834]: main(): processes (at least): 17 - shm size: 67108864 - pkg size: 4194304 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs<default>: tls_method=22 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs<default>: ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs<default>: require_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs<default>: private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs<default>: verify_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: NOTICE: tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='sbc.netvoiceperu.com' ... Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:697]: set_verification(): TLSs<default>: Client MUST present valid certificate Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc<default>: tls_method=22 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc<default>: certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc<default>: ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc<default>: crl='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc<default>: require_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc<default>: cipher_list='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc<default>: private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc<default>: verify_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc<default>: verify_depth=9 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc<default>: verify_client=0 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:697]: set_verification(): TLSc<default>: Server MUST present valid certificate Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29306]: INFO: jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/29306 Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29308]: INFO: ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config).

Also, I attach TLS communication flow between Microsoft and Kamailio (See attached image "Flow TLS Certificate"). As you can see, the TLS communication of the certificates is successful, however the SIP connection to Microsoft is still status down.

[root@kamailio-server ~]# kamcmd dispatcher.list | egrep "URI|FLAGS" URI: sip:sip.pstnhub.microsoft.com ;transport=tls FLAGS: IP URI: sip:sip2.pstnhub.microsoft.com ;transport=tls FLAGS: IP URI: sip:sip3.pstnhub.microsoft.com ;transport=tls FLAGS: IP

Is it possible that I have an error or I am missing a configuration parameter in the kamailio.cfg and dispatcher.list file?. Attached kamailio.cfg and dispatcher.list

Please your great help to solve this. Atentamente

*Adalberto Carlos Mestanza T.*

El jue, 7 ene 2021 a las 22:23, Carlos Mestanza T. (mestacart@gmail.com) escribió:

Hello Rob and Kamailio Community,

I tell you to load the .pem certificate you attached as ca_list (in the tls.cfg file) Finally, my file was like this.

[server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem server_name = sbc.netvoiceperu.com

[client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem

After doing this I no longer got any error. Next I show the logs.

Jan 7 21:52:15 Kamailio-Server systemd: Started Kamailio (OpenSER) - the Open Source SIP Server. Jan 7 21:52:15 Kamailio-Server kamailio: INFO: tls [tls_init.c:503]: init_tls_compression(): disabling compression... Jan 7 21:52:15 Kamailio-Server kamailio: Listening on Jan 7 21:52:15 Kamailio-Server kamailio: tls: 161.35.44.66:5061 Jan 7 21:52:15 Kamailio-Server kamailio: Aliases: Jan 7 21:52:15 Kamailio-Server kamailio: tls: kamailio-server:5061 Jan 7 21:52:15 Kamailio-Server kamailio: INFO: <core> [core/tcp_main.c:4983]: init_tcp(): using epoll_lt as the io watch method (auto detected) Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support! Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: WARNING: tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 8912896 and 4456448 bytes Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 8912896 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 4456448 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core> [main.c:2834]: main(): processes (at least): 17 - shm size: 67108864 - pkg size: 4194304 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs<default>: tls_method=22 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs<default>: ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs<default>: require_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs<default>: private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs<default>: verify_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: NOTICE: tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='sbc.netvoiceperu.com' ... Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:697]: set_verification(): TLSs<default>: Client MUST present valid certificate Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc<default>: tls_method=22 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc<default>: certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc<default>: ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc<default>: crl='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc<default>: require_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc<default>: cipher_list='(null)' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc<default>: private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem' Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc<default>: verify_certificate=1 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc<default>: verify_depth=9 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc<default>: verify_client=0 Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls [tls_domain.c:697]: set_verification(): TLSc<default>: Server MUST present valid certificate Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29306]: INFO: jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/29306 Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29308]: INFO: ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config).

Also, I attach TLS communication flow between Microsoft and Kamailio (See attached image "Flow TLS Certificate"). As you can see, the TLS communication of the certificates is successful, however the SIP connection to Microsoft is still status down.

[root@kamailio-server ~]# kamcmd dispatcher.list | egrep "URI|FLAGS" URI: sip:sip.pstnhub.microsoft.com ;transport=tls FLAGS: IP URI: sip: sip2.pstnhub.microsoft.com;transport=tls FLAGS: IP URI: sip: sip3.pstnhub.microsoft.com;transport=tls FLAGS: IP

Is it possible that I have an error or I am missing a configuration parameter in the kamailio.cfg and dispatcher.list file?. Attached kamailio.cfg and dispatcher.list

Please your great help to solve this.

Atentamente

*Adalberto Carlos Mestanza T.*

El jue, 7 ene 2021 a las 21:54, Ovidiu Sas (osas@voipembedded.com) escribió:

...

That certificate should already be present under the OS's trusted certificates directory (debian and ubuntu certs are stored under /etc/ssl/certs), maybe under a different name, and is required for remote endpoint's certificate validation. One can load a particular certificate or a list of certificates. Multiple certificates can be concatenated into one single file as stated in the documentation: https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list Hope this helps a little bit in understanding of the ca_list param.

Regards, Ovidiu Sas

On Thu, Jan 7, 2021 at 8:10 AM rob.van.den.bulk@gmail.com wrote:

...

I Used this tls.cfg

Use bc2025.pem as extra, Microsoft needs this…

And works fine on different Kamailio-msteams sbcs

[server:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate =

/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

...

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

server_name = sbc.combivoipdom.nl

[client:default]

method = TLSv1.2+

verify_certificate = yes

require_certificate = yes

private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem

certificate =

/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem

...

ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem

Cheers Rob

Van: sr-users sr-users-bounces@lists.kamailio.org Namens

Daniel-Constantin Mierla

...

Verzonden: donderdag 7 januari 2021 08:53 Aan: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org;

Willy Valles Rios willyvalles17@gmail.com

...

CC: Carlos Mestanza T. mestacart@gmail.com Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between

MsTeams and Kamailio

...

Does this happen when Kamailio connects to MS Teams? The logs indicate

the received TLS certificate is not trusted:

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls

[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

...

You can set debug=3 in kamailio.cfg and see if the DEBUG messages

provide more hints. For me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl 1.1.

...

Cheers, Daniel

On 06.01.21 21:47, Willy Valles Rios wrote:

Hello community,

I am having trouble establishing SIP signaling between MsTeams and

Kamailio. I currently have this configuration in my tls.cfg file

...

[server: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

[client: default]

method = TLSv1.2 +

verify_certificate = yes

require_certificate = yes

private_key = /etc/kamailio/certificates/private-key.pem

certificate = /etc/kamailio/certificates/certificate.pem

My domain was certified with ssl through an authoritative certifier

(GoDaddy), however I see these errors in the / var / log / messages of the Kamailio server.

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_mod.c:389]: mod_init(): With ECDH-Support!

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_mod.c:392]: mod_init(): With Diffie Hellman

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, compression: on

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls

[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls operations will fail preemptively) with free memory thresholds 13107200 and 6553600 bytes

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:

[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:

[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:

[main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg size: 4194304

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:

[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially 212992

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:

[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs: certificate='/etc/kamailio/certificados/certificate.pem'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs: private_key='/etc/kamailio/certificados/private-key.pem'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls

[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='' ...

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid certificate

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc: certificate='/etc/kamailio/certificados/certificate.pem'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc: private_key='/etc/kamailio/certificados/private-key.pem'

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls

[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid certificate

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO:

jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422

...

Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl

[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls

[tls_server.c:1283]: tls_h_read_f(): protocol level error

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls

[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls

[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls

[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:

[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7f45242be028 r: 0x7f45242be150 (-1)

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls

[tls_server.c:1283]: tls_h_read_f(): protocol level error

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls

[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls

[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls

[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:

[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls

[tls_server.c:1283]: tls_h_read_f(): protocol level error

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls

[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls

[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls

[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66

...

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:

[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading

• c: 0x7f45242be028 r: 0x7f45242be150 (-1)

...

Could you help me identify the problem please.

Cheers

Saludos Cordiales

--

Willy Valles Rios

Unified Communications Specialist

phone: +51955747343

em@il: willyvalles17@gmail.com

---

Kamailio (SER) - Users Mailing List

sr-users@lists.kamailio.org

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--

Daniel-Constantin Mierla -- www.asipto.com

www.twitter.com/miconda -- www.linkedin.com/in/miconda

Funding: https://www.paypal.me/dcmierla

---

Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- VoIP Embedded, Inc. http://www.voipembedded.com

Dear Kamilio Community,

After doing several reads to our Kamailio configuration, the dispatcher list is in AP:

URI: sip: sip.pstnhub.microsoft.com; transport = tls FLAGS: AP URI: sip: sip2.pstnhub.microsoft.com; transport = tls FLAGS: AP URI: sip: sip3.pstnhub.microsoft.com; transport = tls FLAGS: AP

But in the MS Teams dashboard the SIP OPTIONS STATUS column is WARNING.

In the LOGs sent to OPTIONS, it gives us to understand that with sent to MS TEAMS:

Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS 161.35.44.66:5061;branch=z9hG4bKd25f.2835f676000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip: sbc.netvoiceperu.com;tag=69ae0da9200ed8d142f2e4a69f531080-213e3c71#015#012CSeq: 10 OPTIONS#015#012Call-ID: 07561978687e60d0-1444@10.131.245.99#015#012Max-Forwards http://07561978687e60d0-1444@10.131.245.99/#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0 (x86_64/linux)) Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS 161.35.44.66:5061;branch=z9hG4bKe25f.b14dc514000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip: sbc.netvoiceperu.com;tag=69ae0da9200ed8d142f2e4a69f531080-44c3af70#015#012CSeq: 10 OPTIONS#015#012Call-ID: 07561978687e60d1-1444@10.131.245.99#015#012Max-Forwards http://07561978687e60d1-1444@10.131.245.99/#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0 (x86_64/linux)) Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS 161.35.44.66:5061;branch=z9hG4bKb25f.8442f914000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip: sbc.netvoiceperu.com;tag=69ae0da9200ed8d142f2e4a69f531080-fa555adb#015#012CSeq: 10 OPTIONS#015#012Call-ID: 07561978687e60d2-1444@10.131.245.99#015#012Max-Forwards http://07561978687e60d2-1444@10.131.245.99/#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0 (x86_64/linux)) Jan 8 19:01:42 Kamailio-Server journal: Suppressed 103 messages from /system.slice/kamailio.service

In the kamailio.cfg configuration it is declared:

listen=tls:161.35.44.66:5061 listen=tcp:10.131.245.99:5061

modparam ("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") modparam ("dispatcher", "ds_probing_mode", 1) modparam ("dispatcher", "ds_ping_interval", 60)

And this fragment was also added:

event_route [tm: local-request] {

if (is_method ("OPTIONS") && $ ru = ~ "pstnhub.microsoft.com") { append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061; transport = tls> \ r \ n"); } xlog ("L_INFO", "Sent out tm request: $ mb \ n"); }

There is something additional that has to be declared so that in the MS Teams panel the SIP OPTIONS STATUS column is shown as ACTIVE and not as WARNNING, in the MS TEAMS documentation it is a possible problem related to OPTIONS events.

Saludos Cordiales