[Freeswitch-users] multiple sip profiles
David Villasmil
david.villasmil.work at gmail.com
Mon Apr 3 21:42:42 MSD 2017
Do you see registers coming in? If so, check nothing is also listening
there, this happened to me once (on a different port) and it was wss, which
also shows as freeswitch listening
On Mon, Apr 3, 2017 at 7:39 PM Rick Jarvis <rick at magicmail.mooo.com> wrote:
> This was really helpful, thank you!
>
> Struggling now with the registration over TLS for some reason. sofia shows
> TLS on 5061, netstat shows listening on port 5061, firewall is completely
> open, sip internal tls enabled, but whilst handsets register fine on TCP,
> they timeout on TLS. Is TLS somehow more problematic with NAT traversal
> maybe? Nothing showing in freeswitch.log, should I be looking elsewhere or
> increasing the logging maybe?
>
> Thanks again!
> R
>
> On 21 Mar 2017, at 09:24, Stefan Davids <freeswitch at stefan.davids.uk.net>
> wrote:
>
>
> It probably depends on the client configuration if you get an invalid
> certificate for self signed or not. Most seem happy by default when
> I've tried.
>
> I've had no problems using letsencrypt certificates for TLS.
>
> If it is a certificate issue (you can check by turning up the logging)
> I'd imagine either the certificate isn't readable by freeswitch (by
> default I think it'll be chmod 600 and owned by root) or it's wrongly
> constructed.
>
> I have wss.pem as a symlink
>
> wss.pem -> /etc/letsencrypt/wss.pem
>
> # ls -l /etc/letsencrypt/wss.pem
> -rw-r----- 1 freeswitch freeswitch 10868 Mar 8 18:46
> /etc/letsencrypt/wss.pem
>
> and created wss.pem via
>
> cat /etc/letsencrypt/live/sip.netscum.org.uk/cert.pem
> /etc/letsencrypt/live/sip.netscum.org.uk/privkey.pem
> /etc/letsencrypt/live/sip.netscum.org.uk/chain.pem/etc/letsencrypt/live/
> sip.netscum.org.uk/fullchain.pem > /etc/letsencrypt/wss.pem
>
>
>
>
>
>
> On 20/03/17 22:08, Rick Jarvis wrote:
>
> Thanks Stefan, that’s a huge help - hadn’t crossed my mind it could be a
> cert error, given the description. I’m currently using letsencrypt’s
> certbot to download the certs and symbolic linking to them. Maybe I should
> just try the generator that the docs recommend, but am wondering if that
> will present the non-valid CA issues one gets with web browsers (I’m not
> all that clear on whether this applies to SIP clients or not?!)...
>
> On 20 Mar 2017, at 15:36, Stefan Davids <freeswitch at stefan.davids.uk.net>
> wrote:
>
>
> For what it's worth I've had this error when freeswitch couldn't open the
> required
> certificates for SSL.
>
> Turning up the freeswitch logging revealed the system call to open the
> certicate was
> failing with no such file...
>
> On Fri, March 17, 2017 8:25 pm, Rick Jarvis wrote:
>
> also, the thing that’s really bugging me ATM is that if I enable TLS,
> just by setting
> the following:
>
> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>
> I get:
>
> 2017-03-17 20:22:05.762756 [ERR] sofia.c:2863 Error Creating SIP UA for
> profile:
> internal (sip:mod_sofia at 12.34.56.78:5060;transport=udp,tcp)
> The likely causes for this are:
> 1) Another application is already listening on the specified address.
> 2) The IP the profile is attempting to bind to is not local to this system.
>
> Yet the TLS port is set to 5061, so how can this be?
>
>
> On 17 Mar 2017, at 19:32, Sergey Safarov <s.safarov at gmail.com> wrote:
>
> Try NAPTR and SRV records. In this case required only one certificate.
> Requirements sip clients must support NAPRT or SRV records for TLS
> connection
>
>
> пт, 17 марта 2017, 22:28 Rick Jarvis <rick at magicmail.mooo.com
> <mailto:rick at magicmail.mooo.com <rick at magicmail.mooo.com>>>: <
> freeswitch at stefan.davids.uk.net>
> Trying to get my head around setting TLS up. I have one internal sip
> profile, but
> multiple domains & dialplans.
>
> If I want to enable TLS on multiple domains, I think I’m right in saying
> that I will
> then need multiple sip profiles, in order to set the TLS up in each?
>
> I guess my confusion comes from understanding the difference between
> domains, profiles
> and sip profiles. I’m not even sure exactly what question I’m asking
> here, so
> apologies!
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org
> <consulting at freeswitch.org>>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <
> mailto:FreeSWITCH-users at lists.freeswitch.org
> <FreeSWITCH-users at lists.freeswitch.org>>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org
> <http://www.freeswitch.org/
> >_________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170403/3904b68a/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list