[Freeswitch-users] multiple sip profiles

David Villasmil david.villasmil.work at gmail.com
Mon Apr 3 23:29:45 MSD 2017


If you don't see anything coming in, it's not freeswitch. I mean if you
don't see anything with tshark/ngrep , then It's not freeswitch. Look
elsewhere...


On Mon, Apr 3, 2017 at 8:53 PM Rick Jarvis <rick at magicmail.mooo.com> wrote:

Have to confess I don’t know what wss is? Stefan suggested I cat my certs
into wss.pem as per below, which seems to have worked to get the port
listening but not sure if that’s what you mean?

I can’t see anything coming in at all, it’s as if the firewall isn’t open
on 5061 but it’s open to every port so can’t be that...


On 3 Apr 2017, at 18:42, David Villasmil <david.villasmil.work at gmail.com>
wrote:

Do you see registers coming in? If so, check nothing is also listening
there, this happened to me once (on a different port) and it was wss, which
also shows as freeswitch listening
On Mon, Apr 3, 2017 at 7:39 PM Rick Jarvis <rick at magicmail.mooo.com> wrote:

This was really helpful, thank you!

Struggling now with the registration over TLS for some reason. sofia shows
TLS on 5061, netstat shows listening on port 5061, firewall is completely
open, sip internal tls enabled, but whilst handsets register fine on TCP,
they timeout on TLS. Is TLS somehow more problematic with NAT traversal
maybe? Nothing showing in freeswitch.log, should I be looking elsewhere or
increasing the logging maybe?

Thanks again!
R

On 21 Mar 2017, at 09:24, Stefan Davids <freeswitch at stefan.davids.uk.net>
wrote:


It probably depends on the client configuration if you get an invalid
certificate for self signed or not.  Most seem happy by default when
I've tried.

I've had no problems using letsencrypt certificates for TLS.

If it is a certificate issue (you can check by turning up the logging)
I'd imagine either the certificate isn't readable by freeswitch (by
default I think it'll be chmod 600 and owned by root) or it's wrongly
constructed.

I have wss.pem as a symlink

wss.pem -> /etc/letsencrypt/wss.pem

# ls -l /etc/letsencrypt/wss.pem
-rw-r----- 1 freeswitch freeswitch 10868 Mar  8 18:46
/etc/letsencrypt/wss.pem

and created wss.pem via

cat /etc/letsencrypt/live/sip.netscum.org.uk/cert.pem /etc/letsencrypt/live/
sip.netscum.org.uk/privkey.pem /etc/letsencrypt/live/
sip.netscum.org.uk/chain.pem/etc/letsencrypt/live/
sip.netscum.org.uk/fullchain.pem > /etc/letsencrypt/wss.pem






On 20/03/17 22:08, Rick Jarvis wrote:

Thanks Stefan, that’s a huge help - hadn’t crossed my mind it could be a
cert error, given the description. I’m currently using letsencrypt’s
certbot to download the certs and symbolic linking to them. Maybe I should
just try the generator that the docs recommend, but am wondering if that
will present the non-valid CA issues one gets with web browsers (I’m not
all that clear on whether this applies to SIP clients or not?!)...

On 20 Mar 2017, at 15:36, Stefan Davids <freeswitch at stefan.davids.uk.net>
wrote:


For what it's worth I've had this error when freeswitch couldn't open the
required
certificates for SSL.

Turning up the freeswitch logging revealed the system call to open the
certicate was
failing with no such file...

On Fri, March 17, 2017 8:25 pm, Rick Jarvis wrote:

also, the thing that’s really bugging me ATM is that if I enable TLS,
just by setting
the following:

<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>

I get:

2017-03-17 20:22:05.762756 [ERR] sofia.c:2863 Error Creating SIP UA for
profile:
internal (sip:mod_sofia at 12.34.56.78:5060;transport=udp,tcp)
The likely causes for this are:
1) Another application is already listening on the specified address.
2) The IP the profile is attempting to bind to is not local to this system.

Yet the TLS port is set to 5061, so how can this be?


On 17 Mar 2017, at 19:32, Sergey Safarov <s.safarov at gmail.com> wrote:

Try NAPTR and SRV records. In this case required only one certificate.
Requirements sip clients must support NAPRT or SRV records for TLS
connection


пт, 17 марта 2017, 22:28 Rick Jarvis <rick at magicmail.mooo.com
<mailto:rick at magicmail.mooo.com <rick at magicmail.mooo.com>>>: <
freeswitch at stefan.davids.uk.net>
Trying to get my head around setting TLS up. I have one internal sip
profile, but
multiple domains & dialplans.

If I want to enable TLS on multiple domains, I think I’m right in saying
that I will
then need multiple sip profiles, in order to set the TLS up in each?

I guess my confusion comes from understanding the difference between
domains, profiles
and sip profiles. I’m not even sure exactly what question I’m asking
here, so
apologies!


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org
<consulting at freeswitch.org>>
http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org <http://www.freeswitch.org/>
http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
http://www.cluecon.com <http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <
mailto:FreeSWITCH-users at lists.freeswitch.org
<FreeSWITCH-users at lists.freeswitch.org>>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
<http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
<http://lists.freeswitch.org/mailman/options/freeswitch-users>
http://www.freeswitch.org
<http://www.freeswitch.org/
>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org




_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170403/3b95902a/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list