Didn't read the whole thread, but, in some clients you need to specify the transport is TLS and the port is 5061 (assuming you use the default).
Hth.
Ttyl, Dave -----Original Message----- From: Khoa Pham onmyway133@gmail.com Date: Thu, 21 Mar 2013 03:52:12 To: sr-users@lists.sip-router.org Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
@Moacir, thanks
1. You said that " then use "listen="my ip address" and all enabled services will be bound to the especified IP address." So which port does Kamailio listen for TCP and TLS? How does client know which port to connect to Kamailio ?
On Thu, Mar 21, 2013 at 12:41 AM, Moacir Ferreira <moacirferreira@hotmail.com mailto:moacirferreira@hotmail.com > wrote:
Hummm. When I start playing with Kamailio I had some problems that were related to the compilation process not really to the final product. Now, if you comment out the listen statement then all server interfaces will listen for all enabled services (SIP-UDP, SIP-TCP and SIP-TLS if you enabled it). AS a troubleshooting suggestion, just comment out the "listen" statement and all enabled services will bind to all available IP interfaces. If it works, then use "listen="my ip address" and all enabled services will be bound to the especified IP address. Best regards, Moacir
---------------- From: oej@edvina.net mailto:oej@edvina.net Date: Wed, 20 Mar 2013 12:43:06 +0100 To: sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
20 mar 2013 kl. 10:33 skrev Khoa Pham <onmyway133@gmail.com mailto:onmyway133@gmail.com >:
Hi Olle,
I follow these 2 tutorials 1. http://nil.uniza.sk/network-security/tls/configuring-tls-support-kamailio-31... which only describes to listen on tls
listen=tls:158.193.139.51:5061 http://158.193.139.51:5061/ 2. http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates which only describes to listen on udp and tcp listen=udp:<ip-address-for-receiving-sip-requests>:5060 listen=tcp:<ip-address-for-receiving-sip-requests>:5060
It is not until I listen on both TCP and LTS does it work.
You document http://kamailio.org/docs/modules/4.0.x/modules/tls.html seems to lack of these "listen" Right. But it's in the core cookbook. We should propably add the listen to the TLS docs too.
Thanks!
/O
On Wed, Mar 20, 2013 at 4:10 PM, Olle E. Johansson <oej@edvina.net mailto:oej@edvina.net > wrote:
20 mar 2013 kl. 07:55 skrev Daniel-Constantin Mierla <miconda@gmail.com mailto:miconda@gmail.com >:
Hello,
when tls module is installed, a self signed pair of certificate-private key is generated in /usr/local/etc/kamailio
If you need one that is signed by a trusted CA (e.g., Verisign), you will have to buy it.
Cheers, Daniel
On 3/19/13 8:08 AM, Khoa Pham wrote:
Hi,
I want to enable TLS in Kamailio, as in here http://kamailio.org/docs/modules/stable/modules/tls.html
But how can I get the certificate and private key ?
The documentation for the TLS module actually includes a quick howto. http://kamailio.org/docs/modules/4.0.x/modules/tls.html
What part of this needs clarification? Please help us make the documentation better if there are parts you do not undertand or isn't explained.
Thanks, /O
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
By default Kamailio will listen on the port that is defined by the SIP RFP (http://tools.ietf.org/html/rfc3261) that is 5061. If the client does the same (it complies by default with the RFC) then you don't need to do anything. But as Dave said below, some clients you must do it manually. Moacir > From: jdavidthomson@hotmail.com
To: onmyway133@gmail.com; sr-users@lists.sip-router.org Date: Thu, 21 Mar 2013 03:55:17 +0000 Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
Didn't read the whole thread, but, in some clients you need to specify the transport is TLS and the port is 5061 (assuming you use the default).
Hth.
Ttyl, Dave -----Original Message----- From: Khoa Pham onmyway133@gmail.com Date: Thu, 21 Mar 2013 03:52:12 To: sr-users@lists.sip-router.org Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
@Moacir, thanks
- You said that " then use "listen="my ip address" and all enabled services will be bound to the especified IP address." So which port does Kamailio listen for TCP and TLS? How does client know which port to connect to Kamailio ?
On Thu, Mar 21, 2013 at 12:41 AM, Moacir Ferreira <moacirferreira@hotmail.com mailto:moacirferreira@hotmail.com > wrote:
Hummm. When I start playing with Kamailio I had some problems that were related to the compilation process not really to the final product. Now, if you comment out the listen statement then all server interfaces will listen for all enabled services (SIP-UDP, SIP-TCP and SIP-TLS if you enabled it). AS a troubleshooting suggestion, just comment out the "listen" statement and all enabled services will bind to all available IP interfaces. If it works, then use "listen="my ip address" and all enabled services will be bound to the especified IP address.
Best regards,
Moacir
From: oej@edvina.net mailto:oej@edvina.net Date: Wed, 20 Mar 2013 12:43:06 +0100 To: sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
20 mar 2013 kl. 10:33 skrev Khoa Pham <onmyway133@gmail.com mailto:onmyway133@gmail.com >:
Hi Olle,
I follow these 2 tutorials
which only describes to listen on tls
listen=tls:158.193.139.51:5061 http://158.193.139.51:5061/ 2. http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates which only describes to listen on udp and tcp listen=udp:<ip-address-for-receiving-sip-requests>:5060 listen=tcp:<ip-address-for-receiving-sip-requests>:5060
It is not until I listen on both TCP and LTS does it work.
You document http://kamailio.org/docs/modules/4.0.x/modules/tls.html seems to lack of these "listen" Right. But it's in the core cookbook. We should propably add the listen to the TLS docs too.
Thanks!
/O
On Wed, Mar 20, 2013 at 4:10 PM, Olle E. Johansson <oej@edvina.net mailto:oej@edvina.net > wrote:
20 mar 2013 kl. 07:55 skrev Daniel-Constantin Mierla <miconda@gmail.com mailto:miconda@gmail.com >:
Hello,
when tls module is installed, a self signed pair of certificate-private key is generated in /usr/local/etc/kamailio
If you need one that is signed by a trusted CA (e.g., Verisign), you will have to buy it.
Cheers, Daniel
On 3/19/13 8:08 AM, Khoa Pham wrote:
Hi,
I want to enable TLS in Kamailio, as in here http://kamailio.org/docs/modules/stable/modules/tls.html
But how can I get the certificate and private key ?
The documentation for the TLS module actually includes a quick howto. http://kamailio.org/docs/modules/4.0.x/modules/tls.html
What part of this needs clarification? Please help us make the documentation better if there are parts you do not undertand or isn't explained.
Thanks, /O
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Khoa Pham HCMC University of Science Faculty of Information Technology _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Khoa Pham HCMC University of Science Faculty of Information Technology
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi, What is the best way (or application) to allow for subscribers change manage their own password? Thanks, Moacir
Hello,
On 3/26/13 8:31 PM, Moacir Ferreira wrote:
Hi,
What is the best way (or application) to allow for subscribers change manage their own password?
web portal via https.
Sometimes service providers prefer to have different passwords for web access and sip authentication. In that case you can even generate new sip passwords on demand, ensuring easier some parameters that will increase the protection (e.g., min length, special chars, etc...).
Cheers, Daniel
-
Daniel-Constantin Mierla -
David Thomson -
Moacir Ferreira