[Freeswitch-users] gateway registration using TLS

Mi Ke mi.ke at null.net
Thu Jun 21 17:17:03 MSD 2012


Hi Sean,

 It seems that setting realm port to 5061 does not set registration mode to TLS - this is how remote server sees our reg attempt:

 REGISTER sip:server_ip:5061;transport=tcp SIP/2.0
 Via: SIP/2.0/TCP our_ip;branch=z9hG4bKXK27gKtt61X9a
 Max-Forwards: 70
 From: <sip:xxxx@server_ip:5061>;tag=Q4ytjXN7t319Q
 To: <sip:xxxx@server_ip:5061>
 Call-ID: 29e638e8-ba6d-11e1-aa8e-e35fbde939c6
 CSeq: 29804746 REGISTER
 Contact: <sip:gw+xxxx@our_ip:5060;transport=tcp;gw=xxxx>
 Expires: 3600
 User-Agent: FreeSWITCH-mod_sofia/1.2.0-rc2
 Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY
 Supported: timer, precondition, path, replaces
 Content-Length: 0

 Instead of switching to TLS mode FS just sends plain unencrypted reg request to remote port 5061. After that remote server closes connection.

 Have you practically succeeded in placing FS into TLS registration mode?

 Cheers / Mike

----- Original Message -----
From: Sean Devoy
Sent: 06/20/12 10:27 PM
To: 'FreeSWITCH Users Help'
Subject: Re: [Freeswitch-users] gateway registration using TLS

NO, sorry. I just saw “remote_ip_here” in the error message and thought maybe you had actually used that.
Sorry.
From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org]  *On Behalf Of *Mi Ke
 *Sent:* Wednesday, June 20, 2012 12:20 PM
 *To:* FreeSWITCH Users Help
 *Subject:* Re: [Freeswitch-users] gateway registration using TLS
Dear Sean,

 It's not that bad - remote_ip, xxx and yyy are only placeholders in my example - actual config has real params ;)

 Did you mean that FS will automatically use TLS for registration when I append :5061 to realm value ?

 Thanks / MiKe
----- Original Message -----
From: Sean Devoy
Sent: 06/20/12 07:03 PM
To: 'FreeSWITCH Users Help'
Subject: Re: [Freeswitch-users] gateway registration using TLS

Mi Ke,
You should put your actual remote provider’s domain name or IP address in where it says “remote_ip_here” and I assume you have entered your actual username and password where it says “yyy” and “zzz”.
It should look SIMILAR to this, but with your provider: <param name="realm" value="sip.voipinnovations.com:5061"/>
Hope that helps,
Sean
From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org]  *On Behalf Of *Mi Ke
 *Sent:* Wednesday, June 20, 2012 11:46 AM
 *To:* Freeswitch Users
 *Subject:* [Freeswitch-users] gateway registration using TLS

Hi All,

 Is it possible to explicitly tell sofia to register as a client using TLS? Here's my TLS-related part of sofia config:

 <profiles>
   <profile name="external">
     <domains>
       <domain name="all" alias="true" parse="false"/>
     </domains>
     <gateways>
       <gateway name="xxx">
         <param name="register" value="true"/>
         <param name="username" value="yyy"/>
         <param name="realm" value="remote_ip_here:5061"/>
         <param name="password" value="zzz"/>
         <param name="register-transport" value="tcp"/>
         <param name="expire-seconds" value="3600"/>
         <param name="retry-seconds" value="60" />
       </gateway>
     </gateways>
     <settings>
       ...
       <param name="context" value="external"/>
       <param name="sip-port" value="5060"/>
       <param name="tls" value="true"/>
       <param name="tls-only" value="false"/>
       <param name="tls-bind-params" value="transport=tls"/>
       <param name="contact-params" value="tport=tcp"/>
       <param name="tls-version" value="sslv23"/>
       <param name="tls-cert-dir" value="/usr/local/freeswitch/conf/ssl"/>
       <param name="tls-sip-port" value="5061"/>
       <param name="dialplan" value="XML"/>
       ...
     </settings>
   </profile>
 </profiles>

 But that does not work...

 tport_connected(0x7f9b44014110): events CONNECTED
 tport_send_event(0x7f9b44014110) - ready to send to (tcp/remote_ip_here:5061)
 tport_vsend(0x7f9b44014110): 600 bytes of 600 to tcp/remote_ip_here:5061
 tport_vsend returned 600
 tport_set_events(0x7f9b44014110): events IN
 tport(0x7f9b44014110): reset timer
 tport_wakeup(0x7f9b44014110): events IN HUP ERR
 tport_release(0x7f9b44014110): 0x7f9b4401a460 by 0x7f9b4402ca70 with (nil)
nta: REGISTER (29733430): Connection reset by peer (104) with tcp/[remote_ip_here]:5061
nua(0x7f9b440196a0): event r_register 503 Service Unavailable

Any ideas what I'm doing wrong?

 Thanks / MiKe
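
An added example, not part of the original thread and not FreeSWITCH's own code: a Python check for the condition described above, a registering gateway whose destination uses port 5061 while register-transport is not tls, so the REGISTER would leave unencrypted. It assumes that tls is an accepted register-transport value, that register-proxy and proxy take precedence over realm as the destination, and that the defaults are register=true and udp; the sample XML is constructed from the thread's placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the gateway from the thread, placeholders kept.
SAMPLE = """<profile name="external"><gateways>
  <gateway name="xxx">
    <param name="register" value="true"/>
    <param name="realm" value="remote_ip_here:5061"/>
    <param name="register-transport" value="tcp"/>
  </gateway>
</gateways></profile>"""

TLS_PORT = 5061  # conventional SIP-over-TLS port


def target_port(hostport):
    """Port from 'host:port' or '[v6]:port'; None when no port is given."""
    tail = hostport.rsplit("]", 1)[-1] if hostport.startswith("[") else hostport
    if tail.count(":") != 1:
        return None
    port = tail.rsplit(":", 1)[1]
    return int(port) if port.isdigit() else None


def audit(xml_text):
    """Return (gateway, destination, transport) for every registering gateway
    that targets the TLS port without register-transport=tls."""
    findings = []
    for gw in ET.fromstring(xml_text).iter("gateway"):
        p = {e.get("name"): e.get("value", "") for e in gw.findall("param")}
        if p.get("register", "true").lower() == "false":  # assumed default: true
            continue
        transport = p.get("register-transport", "udp").lower()  # assumed default
        # Assumed precedence for where REGISTER is sent.
        dest = p.get("register-proxy") or p.get("proxy") or p.get("realm", "")
        if target_port(dest) == TLS_PORT and transport != "tls":
            findings.append((gw.get("name"), dest, transport))
    return findings


if __name__ == "__main__":
    for name, dest, transport in audit(SAMPLE):
        print(f"gateway {name}: REGISTER to {dest} over {transport}, not TLS")
```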