15 Aug
2024
15 Aug
'24
9:46 a.m.
Dear all,
Trying to integrate Kamailio with MS Teams by following
https://skalatan.de/en/blog/kamailio-sbc-teams
kamcmd dispatcher.list | egrep "URI|FLAGS"
URI: sip:sip.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:sip2.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:sip3.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
Kamailio Logs:
/usr/local/sbin/kamailio[412158]: INFO: <script>: Sent out tm request:
OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012
Via: SIP/2.0/TLS
x.x.x.x:5061;branch=z9hG4bK5dad.92de50b2000000000000000000000000.0#015#012
To: <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012
From: <sip:test.mytest.com
;tag=5d0939b82abe9b1bbf185d963b6e6c88-edeb3c71#015#012
CSeq: 10 OPTIONS#015#012
Call-ID: 2db6bede5631d9b6-412158(a)88.99.244.106#015#012
Max-Forwards: 70#015#012Content-Length: 0#015#012
User-Agent: kamailio (5.8.2 (x86_64/linux))
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1312]:
tls_h_read_f(): protocol level error
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_util.h:49]:
tls_err_ret(): TLS write:error:0A000086:SSL routines::certificate verify
failed (sni: unknown)
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1316]:
tls_h_read_f(): src addr: 52.114.75.24:5061
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1319]:
tls_h_read_f(): dst addr: x.x.x.x:0
/usr/local/sbin/kamailio[412165]: ERROR: <core> [core/tcp_read.c:1524]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fa74d265d40 r:
0x7fa74d265e68 (-1)
tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
Please suggest what I am missing.
---
Thanks,
15 Aug
15 Aug
10:30 a.m.
On Aug 15, 2024, at 8:46 AM, Muhammad Sohaib via
sr-users <sr-users(a)lists.kamailio.org> wrote:
Dear all,
[snip]
tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
Please suggest what I am missing.
There should be a document from MS about the certificates they are willing to accept. I’m
fairly certain they do not accept letsencrypt.
Regards,
Fred Posner
https://www.fredoso.com
10:59 a.m.
Hello Fred,
letsencrypt works just fine with MS Teams.
Cheers,
Henning
-----Original Message-----
From: Fred Posner via sr-users <sr-users(a)lists.kamailio.org>
Sent: Donnerstag, 15. August 2024 16:30
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Fred Posner <fred(a)qxork.com>
Subject: [SR-Users] Re: certificate verify failed (sni: unknown) integration with
ms teams
On Aug 15, 2024, at 8:46 AM, Muhammad Sohaib via
sr-users <sr-
users(a)lists.kamailio.org> wrote:
Dear all,
[snip]
tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
Please suggest what I am missing.
There should be a document from MS about the certificates they are willing to
accept. I’m fairly certain they do not accept letsencrypt.
Regards,
Fred Posner
https://www.fredoso.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe
send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
11:16 a.m.
I think the issue here is the ca_list setting. As far as I know this needs to be created
including both the LE CA certs but also the specific MS CA certs.
- Barry Flanagan
On 15 Aug 2024, at 15:59, Henning Westerholt via
sr-users <sr-users(a)lists.kamailio.org> wrote:
Hello Fred,
letsencrypt works just fine with MS Teams.
Cheers,
Henning
-----Original Message-----
From: Fred Posner via sr-users <sr-users(a)lists.kamailio.org>
Sent: Donnerstag, 15. August 2024 16:30
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Fred Posner <fred(a)qxork.com>
Subject: [SR-Users] Re: certificate verify failed (sni: unknown) integration with
ms teams
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe: On Aug 15, 2024, at 8:46 AM, Muhammad Sohaib via
sr-users <sr-
users(a)lists.kamailio.org> wrote:
Dear all,
[snip]
tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
Please suggest what I am missing.
There should be a document from MS about the certificates they are willing to
accept. I’m fairly certain they do not accept letsencrypt.
Regards,
Fred Posner
https://www.fredoso.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe
send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe: 
2:02 p.m.
Hi Muhammad
Can you try your tls cfg as below and make sure your certificates have the right
permissions.
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem
certificate = /etc/letsencypt/live/MYDOMAIN/fullchain.pem
[client:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem
certificate = /etc/letsencrypt/live/MYDOMAIN/fullchain.pem
From: Muhammad Sohaib via sr-users [mailto:sr-users@lists.kamailio.org]
Sent: Thursday, 15 August 2024 3:46 PM
To: Kamailio (SER) - Users Mailing List
Cc: Muhammad Sohaib
Subject: [SR-Users] certificate verify failed (sni: unknown) integration with ms teams
Dear all,
Trying to integrate Kamailio with MS Teams by following
https://skalatan.de/en/blog/kamailio-sbc-teams
kamcmd dispatcher.list | egrep "URI|FLAGS"
URI: sip:sip.pstnhub.microsoft.com;transport=tls
FLAGS: IP
URI: sip:sip2.pstnhub.microsoft.com;transport=tls
FLAGS: IP
URI: sip:sip3.pstnhub.microsoft.com;transport=tls
FLAGS: IP
Kamailio Logs:
/usr/local/sbin/kamailio[412158]: INFO: <script>: Sent out tm request:
OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012
Via: SIP/2.0/TLS
x.x.x.x:5061;branch=z9hG4bK5dad.92de50b2000000000000000000000000.0#015#012
To: <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012
From: <sip:test.mytest.com>;tag=5d0939b82abe9b1bbf185d963b6e6c88-edeb3c71#015#012
CSeq: 10 OPTIONS#015#012
Call-ID: 2db6bede5631d9b6-412158(a)88.99.244.106#015#012
Max-Forwards: 70#015#012Content-Length: 0#015#012
User-Agent: kamailio (5.8.2 (x86_64/linux))
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol
level error
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS
write:error:0A000086:SSL routines::certificate verify failed (sni: unknown)
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1316]: tls_h_read_f(): src
addr: 52.114.75.24:5061
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1319]: tls_h_read_f(): dst
addr: x.x.x.x:0
/usr/local/sbin/kamailio[412165]: ERROR: <core> [core/tcp_read.c:1524]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fa74d265d40 r: 0x7fa74d265e68
(-1)
tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
Please suggest what I am missing.
---
Thanks,
27 Aug
27 Aug
4:46 a.m.
Hi everyone,
Thank you all for your kind help with the TLS configuration. Palany's
suggestion worked flawlessly, and now both inbound and outbound calls are
functioning.
However, I'm facing a one-way audio issue, and calls are disconnected after
30 seconds. I suspect this might be related to NAT. Here’s the current
setup:
*Asterisk <===> Kamailio (as SBC) <=====> MS Teams*
Could this be related to my NAT configuration, or is there something else I
should investigate? Any guidance would be greatly appreciated.
Thanks again for your support!
On Thu, Aug 15, 2024 at 11:02 PM palany <palany(a)advancedzim.com> wrote:
Hi Muhammad
Can you try your tls cfg as below and make sure your certificates have the
right permissions.
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem
certificate = /etc/letsencypt/live/MYDOMAIN/fullchain.pem
[client:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem
certificate = /etc/letsencrypt/live/MYDOMAIN/fullchain.pem
*From:* Muhammad Sohaib via sr-users [mailto:sr-users@lists.kamailio.org]
*Sent:* Thursday, 15 August 2024 3:46 PM
*To:* Kamailio (SER) - Users Mailing List
*Cc:* Muhammad Sohaib
*Subject:* [SR-Users] certificate verify failed (sni: unknown)
integration with ms teams
Dear all,
Trying to integrate Kamailio with MS Teams by following
https://skalatan.de/en/blog/kamailio-sbc-teams
kamcmd dispatcher.list | egrep "URI|FLAGS"
URI: sip:sip.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:
sip2.pstnhub.microsoft.com;transport=tls
FLAGS: IP
URI: sip:
sip3.pstnhub.microsoft.com;transport=tls
FLAGS: IP
Kamailio Logs:
/usr/local/sbin/kamailio[412158]: INFO: <script>: Sent out tm request:
OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012
Via: SIP/2.0/TLS
x.x.x.x:5061;branch=z9hG4bK5dad.92de50b2000000000000000000000000.0#015#012
To: <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012
From: <sip:test.mytest.com
--
Thanks,
;tag=5d0939b82abe9b1bbf185d963b6e6c88-edeb3c71#015#012
CSeq: 10 OPTIONS#015#012
Call-ID: 2db6bede5631d9b6-412158(a)88.99.244.106#015#012
<http://2db6bede5631d9b6-412158@88.99.244.106#015%23012>
Max-Forwards: 70#015#012Content-Length: 0#015#012
User-Agent: kamailio (5.8.2 (x86_64/linux))
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1312]:
tls_h_read_f(): protocol level error
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_util.h:49]:
tls_err_ret(): TLS write:error:0A000086:SSL routines::certificate verify
failed (sni: unknown)
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1316]:
tls_h_read_f(): src addr: 52.114.75.24:5061
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1319]:
tls_h_read_f(): dst addr: x.x.x.x:0
/usr/local/sbin/kamailio[412165]: ERROR: <core> [core/tcp_read.c:1524]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fa74d265d40 r:
0x7fa74d265e68 (-1)
tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
Please suggest what I am missing.
---
Thanks,
10
days inactive
22
days old
5 comments
5 participants
participants (5)
-
Barry Flanagan -
Fred Posner -
Henning Westerholt -
Muhammad Sohaib -
palany