Hi all,
I have configured Kamailio for WebSockets following this guide as an example: https://github.com/havfo/WEBRTC-to-SIP/blob/master/etc/kamailio/kamailio.cfg
With sip.js and jssip I'm able to initiate a call from WebRTC to SIP and establish a call successfully.
The issue arises when I try to receive a call from a SIP device. In this case the call establishes but there is no audio in either direction.
I *think* the issue is with RTP Engine and I've raised a bug there, but I'm not sure why it is misbehaving https://github.com/sipwise/rtpengine/issues/983. There are some logs from RTP engine posted here.
The sip device communicates with Kamailio over UDP / RTP, nothing is encrypted.
I would appreciate any guidance.
Thanks in advance,
C
Hello,
I see this was discussed further on the rtpengine issue tracker. Did using a newer version of rtpengine make it work?
The typical hint I have is to look at the JavaScript console in the browser, there should be logs printed when some DTLS negotiation fails.
Cheers, Daniel
On 05.05.20 02:21, Chirag Desai wrote:
Hi all,
I have configured Kamailio for WebSockets following this guide as an example: https://github.com/havfo/WEBRTC-to-SIP/blob/master/etc/kamailio/kamailio.cfg
With sip.js and jssip I'm able to initiate a call from WebRTC to SIP and establish a call successfully.
The issue arises when I try to receive a call from a SIP device. In this case the call establishes but there is no audio in either direction.
I *think* the issue is with RTP Engine and I've raised a bug there, but I'm not sure why it is misbehaving https://github.com/sipwise/rtpengine/issues/983. There are some logs from RTP engine posted here.
The sip device communicates with Kamailio over UDP / RTP, nothing is encrypted.
I would appreciate any guidance.
Thanks in advance,
C
Hi Daniel,
I set up a brand new install of the latest versions of Kamailio and RTP Engine. They're both up and running but I'm hitting a different error whereby I get the following error from JSSIP:
jssip-3.4.3.min.js:9 WebSocket connection to 'wss://mydomain.com:5061/' failed: Connection closed before receiving a handshake response
Please note that mydomain.com is set as an alias in Kamailio. I don't see anything in the logs about the websocket connection so I'm at a bit of a loss here. Any advice is most appreciated.
Thanks!
Are you sure 5061 is your wss port?
At least by default in the webrtc project you used, wss listens on port 4443
On Thu, May 14, 2020 at 7:29 PM Chirag Desai c.desai@rxhost.co.uk wrote:
Hi Daniel,
I set up a brand new install of the latest versions of Kamailio and RTP Engine. They're both up and running but I'm hitting a different error whereby I get the following error from JSSIP:
jssip-3.4.3.min.js:9 WebSocket connection to 'wss://mydomain.com:5061/' failed: Connection closed before receiving a handshake response
Please note that mydomain.com is set as an alias in Kamailio. I don't see anything in the logs about the websocket connection so I'm at a bit of a loss here. Any advice is most appreciated.
Thanks!
So it looks like I do indeed get logs. This is when trying to connect wss to 5061. I tried to connect just WS on 5060 and 5061 but still get an error.
What's odd is the kamailio.cfg file is a copy of the file I was running on another machine. I changed the necessary bits, updated the certificates in tls.cfg, but it doesn't connect. On the older machine running kamailio the webrtc pages have no issue connecting. Any ideas?
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: [BROWSER_IP]
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42610, type 3
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1555]: tcpconn_add(): hashes: 3294:2497:2595, 5
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd7a8ae0, 29, 2, 0x7fb8b073bb70), fd_no=19
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd7a8ae0, 29, -1, 0x0) fd_no=20 called
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4517]: handle_tcpconn_ev(): sending to child, events 1
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:0 proc:11 pid:2158 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7fb8b073bb70, fd=11
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb8b0672518 ctx 0x7fb8b0698018 sn [sip.mydomain.com])
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b0698018: (nil)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com'
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:957]: tls_server_name_cb(): TLS cfg domain selected for received server name [sip.mydomain.com]: socket [:0] server name=' sip.mydomain.com' - switching SSL CTX to 0x7fb8b0698018 dom 0x7fb8b0672518 (default)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2767]: tcpconn_do_send(): sending...
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2802]: tcpconn_do_send(): buf=#012#026#003#003
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd8147c0, 11, 2, 0x7fb8b073bb70), fd_no=1
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:198]: tcp_emit_closed_event(): TCP closed event creation triggered (reason: 0)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:206]: tcp_emit_closed_event(): no callback registering for handling TCP closed event
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:317]: tcp_read_data(): EOF on 0x7fb8b073bb70, FD 11 ([[BROWSER_IP]]:42610 ->
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:319]: tcp_read_data(): -> [ IC_IP]]:5061)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b0698018: (nil)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd8147c0, 11, -1, 0x10) fd_no=2 called
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=5 ([[BROWSER_IP]]:42610 -> [[BROWSER_IP]]:5061)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fb8b075db18
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:3619]: handle_tcp_child(): reader response= 7fb8b073bb70, -1 from 0
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fb8b075db18
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: [BROWSER_IP]
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42636, type 3
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1555]: tcpconn_add(): hashes: 3105:2366:2780, 6
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd7a8ae0, 29, 2, 0x7fb8b073bb70), fd_no=19
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd7a8ae0, 29, -1, 0x0) fd_no=20 called
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4517]: handle_tcpconn_ev(): sending to child, events 1
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:1 proc:12 pid:2159 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7fb8b073bb70, fd=11
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb8b0672518 ctx 0x7fb8b06997c8 sn [sip.mydomain.com])
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b06997c8: (nil)
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com'
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:957]: tls_server_name_cb(): TLS cfg domain selected for received server name [sip.mydomain.com]: socket [:0] server name=' sip.mydomain.com' - switching SSL CTX to 0x7fb8b06997c8 dom 0x7fb8b0672518 (default)
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2767]: tcpconn_do_send(): sending...
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2802]: tcpconn_do_send(): buf=#012#026#003#003
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd8147c0, 11, 2, 0x7fb8b073bb70), fd_no=1
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:198]: tcp_emit_closed_event(): TCP closed event creation triggered (reason: 0)
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:206]: tcp_emit_closed_event(): no callback registering for handling TCP closed event
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:317]: tcp_read_data(): EOF on 0x7fb8b073bb70, FD 11 ([[BROWSER_IP]]:42636 ->
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:319]: tcp_read_data(): -> [[KAMAILIO_PUBLIC_IP]]:5061)
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b06997c8: (nil)
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd8147c0, 11, -1, 0x10) fd_no=2 called
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=6 ([[BROWSER_IP]]:42636 -> [[BROWSER_IP]]:5061)
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fb8b075db18
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:3619]: handle_tcp_child(): reader response= 7fb8b073bb70, -1 from 1
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fb8b075db18
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: [BROWSER_IP]
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42662, type 3
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1555]: tcpconn_add(): hashes: 3083:2324:2806, 7
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd7a8ae0, 29, 2, 0x7fb8b073bb70), fd_no=19
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd7a8ae0, 29, -1, 0x0) fd_no=20 called
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4517]: handle_tcpconn_ev(): sending to child, events 1
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:2 proc:13 pid:2160 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7fb8b073bb70, fd=11
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb8b0672518 ctx 0x7fb8b069af78 sn [sip.mydomain.com])
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b069af78: (nil)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com'
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:957]: tls_server_name_cb(): TLS cfg domain selected for received server name [sip.mydomain.com]: socket [:0] server name=' sip.mydomain.com' - switching SSL CTX to 0x7fb8b069af78 dom 0x7fb8b0672518 (default)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2767]: tcpconn_do_send(): sending...
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2802]: tcpconn_do_send(): buf=#012#026#003#003
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd8147c0, 11, 2, 0x7fb8b073bb70), fd_no=1
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:198]: tcp_emit_closed_event(): TCP closed event creation triggered (reason: 0)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:206]: tcp_emit_closed_event(): no callback registering for handling TCP closed event
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:317]: tcp_read_data(): EOF on 0x7fb8b073bb70, FD 11 ([[BROWSER_IP]]:42662 ->
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:319]: tcp_read_data(): -> [[KAMAILIO_PUBLIC_IP]]:5061)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b069af78: (nil)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd8147c0, 11, -1, 0x10) fd_no=2 called
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=7 ([[BROWSER_IP]]:42662 -> [[BROWSER_IP]]:5061)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fb8b075db18
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:3619]: handle_tcp_child(): reader response= 7fb8b073bb70, -1 from 2
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fb8b075db18
Hi all,
OK so I can now register using WS, but with WSS nothing seems to happen. It looks like the handshake isn't working properly on the Kamailio side. It resets prematurely and therefore the connection never succeeds. I've tried different URIs, checked certificates. Checked the TLS connection with openssl all to no avail.
There are no useful errors in the log, no matter how high I set the log level. It looks like the request doesn't hit the routing logic at all because I start my logic with an xlog statement but that never prints.
I would appreciate any guidance.
Thanks,
C
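The debug log posted earlier in this thread can be reduced to one summary per TCP connection, showing how far the TLS handshake got before the connection ended. This is an added example, not part of the original thread or of Kamailio; the sample lines are constructed from the posted log, and the second connection, its "SSL handshake done" line and the `[tls_domain.c:NNN]` placeholder are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the debug lines posted in this thread.
# The second connection, its "SSL handshake done" line and the
# [tls_domain.c:NNN] placeholder are assumptions, not taken from the post.
SAMPLE_LOG = """\
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42610, type 3
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:0 proc:11 pid:2158 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com'
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=5 ([[BROWSER_IP]]:42610 -> [[BROWSER_IP]]:5061)
May 15 14:20:00 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42700, type 3
May 15 14:20:00 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:1 proc:12 pid:2159 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70
May 15 14:20:00 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:20:00 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:20:00 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:NNN]: sr_ssl_ctx_info_callback(): SSL handshake done
"""

LINE_RE = re.compile(r"kamailio\[(?P<pid>\d+)\]: \w+: (?P<msg>.*)$")
NEW_RE = re.compile(r"tcpconn_new\(\): on port (\d+)")
CHILD_RE = re.compile(r"send2child\(\): selected tcp worker .*? pid:(\d+) for activity on \[(\w+):")
SNI_RE = re.compile(r"received server_name \(TLS extension\): '([^']*)'")
WRITE_RE = re.compile(r"after real write: .*\bn=(\d+)")
EOF_RE = re.compile(r"tcp_read_(?:data|req)\(\): EOF")
RELEASE_RE = re.compile(r"release_tcpconn\(\): releasing con \S+ state -?\d+, fd=\d+, id=(\d+)")


@dataclass
class Conn:
    client_port: int
    worker_pid: int = 0
    proto: str = ""
    sni: str = ""
    handshake_started: bool = False
    handshake_done: bool = False
    bytes_sent: int = 0
    peer_eof: bool = False
    conn_id: int = -1

    def verdict(self) -> str:
        if self.handshake_started and not self.handshake_done and self.peer_eof:
            return "peer closed during TLS handshake"
        if self.handshake_done and self.peer_eof:
            return "peer closed after TLS handshake"
        if self.handshake_done:
            return "TLS established"
        return "incomplete"


def analyse(log_text):
    """Group debug lines per accepted TCP connection and return the Conn list."""
    pending = None  # accepted by the main TCP process, not yet handed to a worker
    active = {}     # worker pid -> connection that worker is currently reading
    done = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        if new := NEW_RE.search(msg):
            pending = Conn(client_port=int(new[1]))
        elif sel := CHILD_RE.search(msg):
            if pending is not None:
                pending.worker_pid, pending.proto = int(sel[1]), sel[2]
                active[pending.worker_pid] = pending
                pending = None
        elif (conn := active.get(pid)) is not None:
            # Worker lines carry no connection id, so they are tied to the
            # connection that send2child() assigned to this worker pid.
            if "SSL handshake started" in msg:
                conn.handshake_started = True
            elif "SSL handshake done" in msg:  # assumed completion marker
                conn.handshake_done = True
            elif sni := SNI_RE.search(msg):
                conn.sni = sni[1]
            elif wrote := WRITE_RE.search(msg):
                conn.bytes_sent += int(wrote[1])
            elif EOF_RE.search(msg):
                conn.peer_eof = True
            elif rel := RELEASE_RE.search(msg):
                conn.conn_id = int(rel[1])
                done.append(active.pop(pid))
    return done + list(active.values())


if __name__ == "__main__":
    for c in analyse(SAMPLE_LOG):
        print(f"port {c.client_port} id={c.conn_id} sni={c.sni!r} "
              f"sent={c.bytes_sent}B -> {c.verdict()}")
```

A connection reported as closed during the handshake never reached the WebSocket upgrade, so no request was available for the routing script to process.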
Hello,
the private key for creating the tls connection is not found:
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b0698018: (nil)
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
Check the config options for tls module and the server profiles.
Cheers, Daniel
On 15.05.20 16:23, Chirag Desai wrote:
So it looks like I do indeed get logs. This is when trying to connect wss to 5061. I tried to connect just WS on 5060 and 5061 but still get an error.
What's odd is the kamailio.cfg file is a copy of the file I was running on another machine. I changed the necessary bits, updated the certificates in tls.cfg, but it doesn't connect. On the older machine running kamailio the webrtc pages have no issue connecting. Any ideas?
May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: [BROWSER_IP] May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42610, type 3 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1555]: tcpconn_add(): hashes: 3294:2497:2595, 5 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd7a8ae0, 29, 2, 0x7fb8b073bb70), fd_no=19 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd7a8ae0, 29, -1, 0x0) fd_no=20 called May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4517]: handle_tcpconn_ev(): sending to child, events 1 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:0 proc:11 pid:2158 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7fb8b073bb70, fd=11 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb8b0672518 ctx 0x7fb8b0698018 sn [sip.mydomain.com http://sip.mydomain.com]) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b0698018: (nil) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls 
[tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com http://sip.mydomain.com' May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:957]: tls_server_name_cb(): TLS cfg domain selected for received server name [sip.mydomain.com http://sip.mydomain.com]: socket [:0] server name='sip.mydomain.com http://sip.mydomain.com' - switching SSL CTX to 0x7fb8b0698018 dom 0x7fb8b0672518 (default) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2767]: tcpconn_do_send(): sending... May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_main.c:2802]: tcpconn_do_send(): buf=#012#026#003#003 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd8147c0, 11, 2, 0x7fb8b073bb70), fd_no=1 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:198]: tcp_emit_closed_event(): TCP closed event creation triggered (reason: 0) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:206]: tcp_emit_closed_event(): no callback registering for handling TCP closed event May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:317]: tcp_read_data(): EOF on 0x7fb8b073bb70, FD 11 ([[BROWSER_IP]]:42610 -> May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:319]: tcp_read_data(): -> [ IC_IP]]:5061) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b0698018: (nil) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: 
DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd8147c0, 11, -1, 0x10) fd_no=2 called May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=5 ([[BROWSER_IP]]:42610 -> [[BROWSER_IP]]:5061) May 15 14:17:12 pluto /usr/local/sbin/kamailio[2158]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fb8b075db18 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:3619]: handle_tcp_child(): reader response= 7fb8b073bb70, -1 from 0 May 15 14:17:12 pluto /usr/local/sbin/kamailio[2162]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fb8b075db18 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: [BROWSER_IP] May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42636, type 3 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1555]: tcpconn_add(): hashes: 3105:2366:2780, 6 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd7a8ae0, 29, 2, 0x7fb8b073bb70), fd_no=19 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd7a8ae0, 29, -1, 0x0) fd_no=20 called May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4517]: handle_tcpconn_ev(): sending to child, events 1 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:1 proc:12 pid:2159 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7fb8b073bb70, 
fd=11 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb8b0672518 ctx 0x7fb8b06997c8 sn [sip.mydomain.com http://sip.mydomain.com]) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b06997c8: (nil) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com http://sip.mydomain.com' May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:957]: tls_server_name_cb(): TLS cfg domain selected for received server name [sip.mydomain.com http://sip.mydomain.com]: socket [:0] server name='sip.mydomain.com http://sip.mydomain.com' - switching SSL CTX to 0x7fb8b06997c8 dom 0x7fb8b0672518 (default) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2767]: tcpconn_do_send(): sending... 
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_main.c:2802]: tcpconn_do_send(): buf=#012#026#003#003 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd8147c0, 11, 2, 0x7fb8b073bb70), fd_no=1 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:198]: tcp_emit_closed_event(): TCP closed event creation triggered (reason: 0) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:206]: tcp_emit_closed_event(): no callback registering for handling TCP closed event May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:317]: tcp_read_data(): EOF on 0x7fb8b073bb70, FD 11 ([[BROWSER_IP]]:42636 -> May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:319]: tcp_read_data(): -> [[KAMAILIO_PUBLIC_IP]]:5061) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b06997c8: (nil) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd8147c0, 11, -1, 0x10) fd_no=2 called May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=6 ([[BROWSER_IP]]:42636 -> [[BROWSER_IP]]:5061) May 15 14:17:14 pluto /usr/local/sbin/kamailio[2159]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fb8b075db18 May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:3619]: 
handle_tcp_child(): reader response= 7fb8b073bb70, -1 from 1
May 15 14:17:14 pluto /usr/local/sbin/kamailio[2162]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fb8b075db18
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: [BROWSER_IP]
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1236]: tcpconn_new(): on port 42662, type 3
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:1555]: tcpconn_add(): hashes: 3083:2324:2806, 7
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd7a8ae0, 29, 2, 0x7fb8b073bb70), fd_no=19
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd7a8ae0, 29, -1, 0x0) fd_no=20 called
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4517]: handle_tcpconn_ev(): sending to child, events 1
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:4187]: send2child(): selected tcp worker idx:2 proc:13 pid:2160 for activity on [tls:[KAMAILIO_PUBLIC_IP]:5061], 0x7fb8b073bb70
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7fb8b073bb70, fd=11
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb8b0672518 ctx 0x7fb8b069af78 sn [sip.mydomain.com])
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b069af78: (nil)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:938]: tls_server_name_cb(): received server_name (TLS extension): 'sip.mydomain.com'
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:957]: tls_server_name_cb(): TLS cfg domain selected for received server name [sip.mydomain.com]: socket [:0] server name='sip.mydomain.com' - switching SSL CTX to 0x7fb8b069af78 dom 0x7fb8b0672518 (default)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2767]: tcpconn_do_send(): sending...
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2802]: tcpconn_do_send(): buf=#012#026#003#003
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/io_wait.h:377]: io_watch_add(): DBG: io_watch_add(0x5599fd8147c0, 11, 2, 0x7fb8b073bb70), fd_no=1
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:198]: tcp_emit_closed_event(): TCP closed event creation triggered (reason: 0)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:206]: tcp_emit_closed_event(): no callback registering for handling TCP closed event
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:317]: tcp_read_data(): EOF on 0x7fb8b073bb70, FD 11 ([[BROWSER_IP]]:42662 ->
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:319]: tcp_read_data(): -> [[KAMAILIO_PUBLIC_IP]]:5061)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb8b069af78: (nil)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/io_wait.h:599]: io_watch_del(): DBG: io_watch_del (0x5599fd8147c0, 11, -1, 0x10) fd_no=2 called
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fb8b073bb70, state -1, fd=11, id=7 ([[BROWSER_IP]]:42662 -> [[BROWSER_IP]]:5061)
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fb8b075db18
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: <core> [core/tcp_main.c:3619]: handle_tcp_child(): reader response= 7fb8b073bb70, -1 from 2
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2162]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fb8b075db18
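One way to read the debug excerpt above, as an added example that is not part of the original thread: it follows Kamailio DEBUG lines per worker pid and reports whether the EOF arrived before or after the TLS handshake completed. The function name, the second sample connection and the "SSL handshake done" completion marker are assumptions; only the first connection's lines are taken from the thread.

```python
import re

# Constructed sample: the first attempt is abridged from the debug lines quoted in
# this thread; the second is invented, and its "SSL handshake done" text is an
# assumed completion marker that does not appear anywhere on the page.
SAMPLE_LOG = """\
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b073bb70 n=3183 fd=11
May 15 14:17:16 pluto /usr/local/sbin/kamailio[2160]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
May 15 14:17:20 pluto /usr/local/sbin/kamailio[2161]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
May 15 14:17:20 pluto /usr/local/sbin/kamailio[2161]: DEBUG: <core> [core/tcp_main.c:2801]: tcpconn_do_send(): after real write: c= 0x7fb8b0740000 n=3183 fd=12
May 15 14:17:20 pluto /usr/local/sbin/kamailio[2161]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake done
May 15 14:17:25 pluto /usr/local/sbin/kamailio[2161]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
"""

ENTRY = re.compile(r"kamailio\[(?P<pid>\d+)\]: DEBUG: \S+ \[[^\]]+\]: (?P<func>\w+)\(\): (?P<msg>.*)")
DONE_MARKER = "SSL handshake done"  # assumption, see comment above


def summarize_handshakes(log_text):
    """Return one record per 'SSL handshake started' line, tracked by worker pid."""
    attempts, active = [], {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # continuation fragments and non-DEBUG lines are skipped
        pid, func, msg = m["pid"], m["func"], m["msg"].strip()
        if msg == "SSL handshake started":
            active[pid] = {"pid": int(pid), "bytes_sent": 0, "done": False, "verdict": "still open"}
            attempts.append(active[pid])
            continue
        cur = active.get(pid)
        if cur is None:
            continue  # activity outside any tracked handshake
        sent = re.search(r"\bn=(\d+)", msg) if func == "tcpconn_do_send" else None
        if sent:
            cur["bytes_sent"] += int(sent.group(1))
        elif msg == DONE_MARKER:
            cur["done"] = True
        elif func == "tcp_read_req" and msg == "EOF":
            # EOF ends the attempt; whether it came before or after completion is the signal
            cur["verdict"] = "EOF after handshake done" if cur["done"] else "EOF before handshake done"
            del active[pid]
    return attempts


if __name__ == "__main__":
    for attempt in summarize_handshakes(SAMPLE_LOG):
        print(attempt)
```

An "EOF before handshake done" record with a non-zero bytes_sent means the server's first flight went out and the connection ended before completion was logged, which is the sequence the excerpt shows for port 42662.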
Hi Daniel,
Thanks for the response. I'm sure I have everything set up correctly.
Here's what's in my tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/sip.mydomain.com/privkey.pem
certificate = /etc/letsencrypt/live/sip.mydomain.com/fullchain.pem
server_name = sip.mydomain.com
Here's my kamailio.cfg
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
#!endif
If I run cat /etc/letsencrypt/live/sip.mydomain.com/privkey.pem I can see the contents of the file. The permissions for the certificates are quite liberal too, so there shouldn't be any issues there. Any other ideas?
Thanks so much for your help.
Hello,
can you try to connect with openssl client tool and see if you get more hints in the output? Like:
openssl s_client -connect sipserver.com:5061 -tlsextdebug
Cheers, Daniel
On 19.05.20 21:35, Chirag Desai wrote:
Hi Daniel,
Thanks for the response. I'm sure I have everything set up correctly.
Here's what's in my tls.cfg:
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/sip.mydomain.com/privkey.pem
certificate = /etc/letsencrypt/live/sip.mydomain.com/fullchain.pem
server_name = sip.mydomain.com
Here's my kamailio.cfg
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
#!endif
If I run cat /etc/letsencrypt/live/sip.mydomain.com/privkey.pem I can see the contents of the file. The permissions for the certificates are quite liberal too, so there shouldn't be any issues there. Any other ideas?
Thanks so much for your help.
Hi Daniel,
This is the result:
openssl s_client -connect sip.mydomain.com:5061 -tlsextdebug
CONNECTED(00000005)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04 ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 3b 06 9a e5-21 16 73 b1 db 04 55 47 ... ;. ..!.s...UG
0010 - 33 5a e0 98 af bf ba 3e-e6 0d 69 40 38 f8 c8 0b 3Z.... .>..i@8...
0020 - ed 79 f2 48 .y.H
TLS server extension "server name" (id=0), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = sip.mydomain.com
verify return:1
---
Certificate chain
 0 s:CN = sip.mydomain.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[REDACTED]
-----END CERTIFICATE-----
subject=CN = sip.mydomain.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3115 bytes and written 400 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0
Hello,
you trimmed the output, but I guess that the connection stayed open and no errors were printed in kamailio logs.
That means, kamailio is doing ok. If the web browser has issues connecting over tls, then the problem is somewhere else. Check the logs/console of the browser to see if you get any hints there.
You can also list the tcp/tls connection via RPC and see if the connection you expect is there.
Cheers, Daniel
On 20.05.20 10:30, Chirag Desai wrote:
Hi Daniel,
This is the result:
openssl s_client -connect sip.mydomain.com:5061 -tlsextdebug
CONNECTED(00000005)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04 ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 3b 06 9a e5-21 16 73 b1 db 04 55 47 ... ;. ..!.s...UG
0010 - 33 5a e0 98 af bf ba 3e-e6 0d 69 40 38 f8 c8 0b 3Z.... .>..i@8...
0020 - ed 79 f2 48 .y.H
TLS server extension "server name" (id=0), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = sip.mydomain.com
verify return:1
---
Certificate chain
 0 s:CN = sip.mydomain.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[REDACTED]
-----END CERTIFICATE-----
subject=CN = sip.mydomain.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3115 bytes and written 400 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0
Hi Daniel,
Thanks for your continued help here. I didn't trim the logs. That's all that appeared. When I run the same command against my old Kamailio 4 server I get a much longer message back.
On the newer kamailio 5 machine, I see similar logs when running the openssl command as when I try to connect via the websocket.
I will have a look at the RPC, but I feel maybe something else is up. Appreciate any further guidance.
Thanks,
C
Hi Daniel,
I solved it! In the tls.cfg file I changed method = TLSv1.2+ to method = TLSv1.2
It seems like Kamailio wasn't liking the TLS 1.3 connections. The documentation states it should work when using OpenSSL 1.1.1 and I am indeed using that, so I'm not sure what went wrong. Could it be a bug?
openssl version -a
OpenSSL 1.1.1 11 Sep 2018
I'm happy I have the WSS working now. I will test the audio shortly and report back.
Thanks again for all your help,
C
Hello,
I used:
openssl s_client -connect MYSERVER:5061 -tlsextdebug -tls1_3
and worked:
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
It connected to Kamailio master branch running on a Debian Buster (10).
Might be something specific to your environment.
Cheers, Daniel
On 21.05.20 02:48, Chirag Desai wrote:
Hi Daniel,
I solved it! In the tls.cfg file I changed method = TLSv1.2+ to method = TLSv1.2
It seems like Kamailio wasn't liking the TLS 1.3 connections. The documentation states it should work when using OpenSSL 1.1.1 and I am indeed using that, so I'm not sure what went wrong. Could it be a bug?
openssl version -a
OpenSSL 1.1.1 11 Sep 2018
I'm happy I have the WSS working now. I will test the audio shortly and report back.
Thanks again for all your help,
C
Hi Daniel
Thanks so much for your help. I'm going to roll with TLS 1.2 for now, until I find time to debug. I seem to have audio in both directions too! Now I can continue building around kamailio. Thank you :)
Chirag
Ok. Let us know if you find out anything related to tls 1.3 that impacts Kamailio.
Cheers, Daniel
On 22.05.20 13:07, Chirag Desai wrote:
Hi Daniel
Thanks so much for your help. I'm going to roll with TLS 1.2 for now, until I find time to debug. I seem to have audio in both directions too! Now I can continue building around kamailio. Thank you :)
Chirag