[Freeswitch-users] multiple sip profiles

Stefan Davids freeswitch at stefan.davids.uk.net
Tue Apr 4 17:07:21 MSD 2017


Do you have siptrace turned on for that profile?

If that's on and logging nothing check you can see a successful TLS
handshake with tshark; eg run

sudo tshark -i any -f "port 5061"

and then get something to try to register (make sure any previous session
has timed out).  I get, for example:

 1   0.000000 82.132.240.202 -> 81.187.168.242 TCP 76 38035→5061 [SYN] Seq=0
Win=14600 Len=0 MSS=1432 SACK_PERM=1 TSval=405135258 TSecr=0 WS=512
  2   0.000241 81.187.168.242 -> 82.132.240.202 TCP 76 5061→38035 [SYN, ACK] Seq=0
Ack=1 Win=28800 Len=0 MSS=1452 SACK_PERM=1 TSval=1319863800 TSecr=405135258 WS=128
  3   0.028737 82.132.240.202 -> 81.187.168.242 TCP 68 38035→5061 [ACK] Seq=1
Ack=1 Win=14848 Len=0 TSval=405135287 TSecr=1319863800
  4   0.029051 82.132.240.202 -> 81.187.168.242 SSL 259 Client Hello
  5   0.029207 81.187.168.242 -> 82.132.240.202 TCP 68 5061→38035 [ACK] Seq=1
Ack=192 Win=29952 Len=0 TSval=1319863803 TSecr=405135287
  6   0.263779 81.187.168.242 -> 82.132.240.202 TLSv1 1488 Server Hello
  7   0.263871 81.187.168.242 -> 82.132.240.202 TLSv1 1488 Certificate
  8   0.263944 81.187.168.242 -> 82.132.240.202 TLSv1 635 Server Key Exchange

etc.

I've seen old clients which only support SSLv2 or SSLv3 whereas Freeswitch by default
won't (for security reasons).  Maybe say what client you're trying to use?  It might
have some known quirks...

On Tue, April 4, 2017 11:05 am, Rick Jarvis wrote:
> I can see it in ngrep, and the conversations look similar to when the register is
> occurring in TCP, i.e.
>
> phone:randomport -> server:5061
> server:5061 -> phone:randomport
>
> But it fails to register as if it’s timing out, and I can’t find any logging on FS
> to confirm that the conversation took place.
>
>> On 3 Apr 2017, at 20:29, David Villasmil <david.villasmil.work at gmail.com> wrote:
>>
>> If you don't see anything coming in, it's not freeswitch. I mean if you don't see
>> anything with tshark/ngrep , then It's not freeswitch. Look elsewhere...
>>
>>
>> On Mon, Apr 3, 2017 at 8:53 PM Rick Jarvis <rick at magicmail.mooo.com
>> <mailto:rick at magicmail.mooo.com>> wrote:
>> Have to confess I don’t know what wss is? Stefan suggested I cat my certs into
>> wss.pem as per below, which seems to have worked to get the port listening but not
>> sure if that’s what you mean?
>>
>> I can’t see anything coming in at all, it’s as if the firewall isn’t open on
>> 5061 but it’s open to every port so can’t be that...
>>
>>
>>> On 3 Apr 2017, at 18:42, David Villasmil <david.villasmil.work at gmail.com
>>> <mailto:david.villasmil.work at gmail.com>> wrote:
>>>
>>> Do you see registers coming in? If so, check nothing is also listening there, this
>>> happened to me once (on a different port) and it was wss, which also shows as
>>> freeswitch listening
>>> On Mon, Apr 3, 2017 at 7:39 PM Rick Jarvis <rick at magicmail.mooo.com
>>> <mailto:rick at magicmail.mooo.com>> wrote:
>>> This was really helpful, thank you!
>>>
>>> Struggling now with the registration over TLS for some reason. sofia shows TLS on
>>> 5061, netstat shows listening on port 5061, firewall is completely open, sip internal
>>> tls enabled, but whilst handsets register fine on TCP, they timeout on TLS. Is TLS
>>> somehow more problematic with NAT traversal maybe? Nothing showing in freeswitch.log,
>>> should I be looking elsewhere or increasing the logging maybe?
>>>
>>> Thanks again!
>>> R
>>>
>>>
>>>> On 21 Mar 2017, at 09:24, Stefan Davids <freeswitch at stefan.davids.uk.net
>>>> <mailto:freeswitch at stefan.davids.uk.net>> wrote:
>>>>
>>>
>>>>
>>>> It probably depends on the client configuration if you get an invalid
>>>> certificate for self signed or not.  Most seem happy by default when
>>>> I've tried.
>>>>
>>>> I've had no problems using letsencrypt certificates for TLS.
>>>>
>>>> If it is a certificate issue (you can check by turning up the logging)
>>>> I'd imagine either the certificate isn't readable by freeswitch (by
>>>> default I think it'll be chmod 600 and owned by root) or it's wrongly
>>>> constructed.
>>>>
>>>> I have wss.pem as a symlink
>>>>
>>>> wss.pem -> /etc/letsencrypt/wss.pem
>>>>
>>>> # ls -l /etc/letsencrypt/wss.pem
>>>> -rw-r----- 1 freeswitch freeswitch 10868 Mar  8 18:46 /etc/letsencrypt/wss.pem
>>>>
>>>> and created wss.pem via
>>>>
>>>
>>>> cat /etc/letsencrypt/live/sip.netscum.org.uk/cert.pem
>>>> <http://sip.netscum.org.uk/cert.pem>
>>>> /etc/letsencrypt/live/sip.netscum.org.uk/privkey.pem
>>>> <http://sip.netscum.org.uk/privkey.pem>
>>>> /etc/letsencrypt/live/sip.netscum.org.uk/chain.pem
>>>> <http://sip.netscum.org.uk/chain.pem>/etc/letsencrypt/live/sip.netscum.org.uk/fullchain.pem
>>>> <http://sip.netscum.org.uk/fullchain.pem> > /etc/letsencrypt/wss.pem
>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 20/03/17 22:08, Rick Jarvis wrote:
>>>>> Thanks Stefan, that’s a huge help - hadn’t crossed my mind it could be a cert
>>>>> error, given the description. I’m currently using letsencrypt’s certbot to
>>>>> download the certs and symbolic linking to them. Maybe I should just try the
>>>>> generator that the docs recommend, but am wondering if that will present the
>>>>> non-valid CA issues one gets with web browsers (I’m not all that clear on whether
>>>>> this applies to SIP clients or not?!)...
>>>>>
>>>>>> On 20 Mar 2017, at 15:36, Stefan Davids <freeswitch at stefan.davids.uk.net
>>>>>> <mailto:freeswitch at stefan.davids.uk.net>> wrote:
>>>>>>
>>>>>>
>>>>>> For what it's worth I've had this error when freeswitch couldn't open the required
>>>>>> certificates for SSL.
>>>>>>
>>>>>> Turning up the freeswitch logging revealed the system call to open the certicate
>>>>>> was
>>>>>> failing with no such file...
>>>>>>
>>>>>> On Fri, March 17, 2017 8:25 pm, Rick Jarvis wrote:
>>>>>>> also, the thing that’s really bugging me ATM is that if I enable TLS, just
>>>>>>> by setting
>>>>>>> the following:
>>>>>>>
>>>>>>> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>>>>>>>
>>>>>>> I get:
>>>>>>>
>>>>>>> 2017-03-17 20:22:05.762756 [ERR] sofia.c:2863 Error Creating SIP UA for profile:
>>>>>>> internal (sip:mod_sofia at 12.34.56.78:5060;transport=udp,tcp <>)
>>>>>>> The likely causes for this are:
>>>>>>> 1) Another application is already listening on the specified address.
>>>>>>> 2) The IP the profile is attempting to bind to is not local to this system.
>>>>>>>
>>>>>>> Yet the TLS port is set to 5061, so how can this be?
>>>>>>>
>>>>>>>
>>>>>>>> On 17 Mar 2017, at 19:32, Sergey Safarov <s.safarov at gmail.com
>>>>>>>> <mailto:s.safarov at gmail.com>> wrote:
>>>>>>>>
>>>>>>>> Try NAPTR and SRV records. In this case required only one certificate.
>>>>>>>> Requirements sip clients must support NAPRT or SRV records for TLS connection
>>>>>>>>
>>>>>>>>
>>>>>>>> пт, 17 марта 2017, 22:28 Rick Jarvis
>>>>>>>> <rick at magicmail.mooo.com <mailto:rick at magicmail.mooo.com>
>>>>>>>> <mailto:rick at magicmail.mooo.com <mailto:rick at magicmail.mooo.com>>>:
>>>>>>>> <freeswitch at stefan.davids.uk.net <mailto:freeswitch at stefan.davids.uk.net>>
>>>>>>>> Trying to get my head around setting TLS up. I have one internal sip profile,
>>>>>>>> but
>>>>>>>> multiple domains & dialplans.
>>>>>>>>
>>>>>>>> If I want to enable TLS on multiple domains, I think I’m right in saying
>>>>>>>> that I will
>>>>>>>> then need multiple sip profiles, in order to set the TLS up in each?
>>>>>>>>
>>>>>>>> I guess my confusion comes from understanding the difference between domains,
>>>>>>>> profiles
>>>>>>>> and sip profiles. I’m not even sure exactly what question I’m
>>>>>>>> asking here, so
>>>>>>>> apologies!
>>>>>>>>
>>>>>>>>
>>>>>>>> _________________________________________________________________________
>>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>>>> <mailto:consulting at freeswitch.org <mailto:consulting at freeswitch.org>>
>>>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>>> <http://www.freeswitchsolutions.com/ <http://www.freeswitchsolutions.com/>>
>>>>>>>>
>>>>>>>> Official FreeSWITCH Sites
>>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>>> <http://www.freeswitch.org/ <http://www.freeswitch.org/>>
>>>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>>>> <http://confluence.freeswitch.org/ <http://confluence.freeswitch.org/>>
>>>>>>>> http://www.cluecon.com <http://www.cluecon.com/> <http://www.cluecon.com/
>>>>>>>> <http://www.cluecon.com/>>
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org>>
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>>
>>>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>>
>>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>>> <http://www.freeswitch.org/
>>>>>>>> <http://www.freeswitch.org/>>_________________________________________________________________________
>>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>>>
>>>>>>>> Official FreeSWITCH Sites
>>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>>
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>> http://www.freeswitch.org
>>>> <http://www.freeswitch.org/>_________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>> http://www.freeswitch.org
>>> <http://www.freeswitch.org/>_________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org <http://www.freeswitch.org/>
>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>> http://www.cluecon.com <http://www.cluecon.com/>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org
>> <http://www.freeswitch.org/>_________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org





Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list