<div dir="ltr"><div><div><div>wss-binding is not set - looking in internal.xml and running grep for wss-binding does not find anything.<br></div>Looking at $${internal_ssl_dir} I'm not able to find where this is.<br></div>grepping for internal_ssl_dir doesn't find anything.<br><br></div>I'm running freeswitch as the freeswitch user - so I guess the same user should be on the certificates.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 14, 2015 at 10:55 PM, Thomas <span dir="ltr"><<a href="mailto:lists@virtues.net" target="_blank">lists@virtues.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>The "none" option for the policy is
part of the old standard config, no idea why it doesn't work
(anymore?). Seen that error a lot, but it never prevented the
profile from setting up the socket.<br>
<br>
You sure none of these ports are already in use? (netstat -lpn)
Does the box have an IPv6 interface? Is 159.122.89.10 configured
on any interface?<br>
<br>
If you did not get this error and the SIP profiles were loading
properly before your TLS changes, revert and do it step by step.
You can issue a "reload mod_sofia" to test the new config without
restarting FS.<div><div class="h5"><br>
<br>
<br>
On 14.09.2015 17:21, Michael Nielsen wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">none, but I've also tried with in. <br>
<br>
On Monday, September 14, 2015, Ítalo Rossi <<a href="mailto:italo@freeswitch.org" target="_blank"></a><a href="mailto:italo@freeswitch.org" target="_blank">italo@freeswitch.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>What do you have in your tls-verify-policy?</div>
<div><br>
</div>
Check the valid values here: <a href="https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-Settings" target="_blank">https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-Settings</a><br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 14, 2015 at 10:23 AM,
Michael Nielsen <span dir="ltr"><<a></a><a href="mailto:mic.niel84@gmail.com" target="_blank">mic.niel84@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">When doing so I get the following error in
fs_cli:
<div><br>
</div>
<div>
<p style="margin:0px;font-size:10px;font-family:Monaco;color:rgb(195,55,32);background-color:rgb(0,0,0)">2015-09-14
08:23:24.120749 [ERR] sofia_glue.c:329 Invalid
tls-verify-policy value: none</p>
</div>
<div>
<p style="margin:0px;font-size:10px;font-family:Monaco;color:rgb(195,55,32);background-color:rgb(0,0,0)">2015-09-14
08:23:24.160528 [ERR] sofia.c:2935 Error Creating
SIP UA for profile: internal-ipv6
(<a>sip:mod_sofia@</a>[::1]:5060;transport=udp,tcp) ATTEMPT
1 (RETRY IN 5 SEC)</p>
<p style="margin:0px;font-size:10px;font-family:Monaco;color:rgb(195,55,32);background-color:rgb(0,0,0)">2015-09-14
08:23:24.180781 [ERR] sofia.c:2935 Error Creating
SIP UA for profile: internal
(<a>sip:mod_sofia@159.122.89.10:5060;transport=udp,tcp</a>)
ATTEMPT 1 (RETRY IN 5 SEC)</p>
</div>
<div><br>
</div>
<div>And then sofia status only shows port 5080
running...</div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 14, 2015 at
9:01 AM, Michael Nielsen <span dir="ltr"><<a></a><a href="mailto:mic.niel84@gmail.com" target="_blank">mic.niel84@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I'm running this clean
installation of FS:
<div><a href="https://github.com/voxserv/freeswitch_conf_minimal" target="_blank">https://github.com/voxserv/freeswitch_conf_minimal</a><br>
</div>
<div><br>
</div>
<div>Everything seems to work and I would now
like to add TLS and SRTP encryption - for
use on public WiFi and such.</div>
<div><br>
</div>
<div>I've tried the following from this <a href="http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption" target="_blank"></a><a href="http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption</a>:</div>
<div><br>
</div>
<div>
<pre style="font-family:monospace,Courier;padding:1em;border:1px dashed rgb(47,111,171);color:rgb(0,0,0);background-color:rgb(249,249,249);line-height:1.3em;font-size:13px">./gentls_cert setup -cn <a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -alt DNS:<a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -org <a href="http://freeswitch.org" target="_blank">freeswitch.org</a>
./gentls_cert create_server -cn <a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -alt DNS:<a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -org <a href="http://freeswitch.org" target="_blank">freeswitch.org</a>
</pre>
</div>
<div>And in vars.xml:</div>
<div>
<pre style="font-family:monospace,Courier;padding:1em;border:1px dashed rgb(47,111,171);color:rgb(0,0,0);background-color:rgb(249,249,249);line-height:1.3em;font-size:13px"><X-PRE-PROCESS cmd="set" data="sip_tls_version=sslv23"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
</pre>
</div>
<div>Of course with my own domain when
generating certificates.</div>
<div><br>
</div>
<div>Restarting FS and trying to connect to
5061 over TLS doesn't work.</div>
<div>Looking in fs_cli with debug 7 doesn't
output anything when the client tries to
connect.</div>
<div><br>
</div>
<div>How do I debug this, or does anyone know what's
wrong? My certificates are generated
automatically in /usr/conf/ssl.</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a>consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a>FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">Ítalo Rossi
<div><a>italo@freeswitch.org</a></div>
</div>
</div>
</div>
</blockquote>
<br>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
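The port check suggested in the thread (`netstat -lpn`) can be cross-referenced against the profiles that failed with "Error Creating SIP UA" in fs_cli. The following is an added example, not part of the original thread or of FreeSWITCH; the netstat output and the process name `example-sipd` are constructed for illustration, and the log lines are the ones quoted above.

```python
import re

# Constructed sample: the two fs_cli errors quoted in the thread, joined onto single lines.
FS_LOG = """\
2015-09-14 08:23:24.160528 [ERR] sofia.c:2935 Error Creating SIP UA for profile: internal-ipv6 (sip:mod_sofia@[::1]:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)
2015-09-14 08:23:24.180781 [ERR] sofia.c:2935 Error Creating SIP UA for profile: internal (sip:mod_sofia@159.122.89.10:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)
"""

# Constructed `netstat -lpn` output; "example-sipd" is a hypothetical process.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 159.122.89.10:5080      0.0.0.0:*               LISTEN      1440/freeswitch
tcp        0      0 0.0.0.0:5060            0.0.0.0:*               LISTEN      812/example-sipd
udp        0      0 159.122.89.10:5060      0.0.0.0:*                           812/example-sipd
tcp6       0      0 ::1:5061                :::*                    LISTEN      990/example-sipd
"""

BIND_ERR = re.compile(r"Error Creating SIP UA for profile: (\S+) "
                      r"\(sip:[^@]+@(\[[^\]]+\]|[^:;]+):(\d+);transport=([\w,]+)\)")

def failed_binds(log):
    """Yield (profile, host, port, transport) for every bind the profile could not create."""
    for m in BIND_ERR.finditer(log):
        profile, host, port, transports = m.groups()
        for t in transports.split(","):
            yield profile, host.strip("[]"), int(port), t

def listeners(netstat_out):
    """Parse listening sockets into (transport, addr, port, owner) tuples."""
    out = []
    for line in netstat_out.splitlines():
        f = line.split()
        if not f or not f[0].startswith(("tcp", "udp")):
            continue  # header or unix-socket line
        addr, port = f[3].rsplit(":", 1)  # rsplit keeps IPv6 colons in addr
        out.append((f[0][:3], addr, int(port), f[-1]))
    return out

def conflicts(log, netstat_out):
    """Map each failed bind to sockets that already hold it (exact or same-family wildcard)."""
    found, socks = [], listeners(netstat_out)
    for profile, host, port, t in failed_binds(log):
        wildcard = "::" if ":" in host else "0.0.0.0"
        for proto, addr, lport, owner in socks:
            if proto == t and lport == port and addr in (host, wildcard):
                found.append((profile, t, f"{addr}:{port}", owner))
    return found
```

An empty result from `conflicts()` means no other listener explains the failed bind, which points back at the other checks raised in the thread (whether the address is configured on an interface, and the TLS changes themselves).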