[Freeswitch-users] gateway registration using TLS

Sean Devoy sdevoy at bizfocused.com
Thu Jun 21 17:37:53 MSD 2012


Hi MiKe,

I have not, but we have been looking into it.

Have you seen this thread:

http://lists.freeswitch.org/pipermail/freeswitch-users/2008-May/003233.html

where Brian West says:

You need to make sure you have openssl-devel when you configure/compile Sofia otherwise it's not enabled.  Also there is more to it than "bin/gentls_cert setup"

http://wiki.freeswitch.org/wiki/Tls

And Helmut Kuper responds with:

ok works now. I had to install libgnutls-dev before running ./configure
script. TLS works with default-values of "bin/gentls_cert setup" and
"bin/gentls_cert create".

Hope that helps,

Sean

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Mi Ke
Sent: Thursday, June 21, 2012 9:17 AM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] gateway registration using TLS

Hi Sean,

It seems that setting realm port to 5061 does not set registration mode to TLS - this is how remote server sees our reg attempt:

REGISTER sip:server_ip:5061;transport=tcp SIP/2.0
Via: SIP/2.0/TCP our_ip;branch=z9hG4bKXK27gKtt61X9a
Max-Forwards: 70
From: <sip:xxxx at server_ip:5061>;tag=Q4ytjXN7t319Q
To: <sip:xxxx at server_ip:5061>
Call-ID: 29e638e8-ba6d-11e1-aa8e-e35fbde939c6
CSeq: 29804746 REGISTER
Contact: <sip:gw+xxxx at our_ip:5060;transport=tcp;gw=xxxx>
Expires: 3600
User-Agent: FreeSWITCH-mod_sofia/1.2.0-rc2
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY
Supported: timer, precondition, path, replaces
Content-Length: 0

Instead of switching to TLS mode FS just sends plain unencrypted reg request to remote port 5061. After that remote server closes connection.

Have you practically succeeded in placing FS into TLS registration mode?

Cheers / Mike

----- Original Message -----
From: Sean Devoy
Sent: 06/20/12 10:27 PM
To: 'FreeSWITCH Users Help'
Subject: Re: [Freeswitch-users] gateway registration using TLS

NO, sorry.  I just saw “remote_ip_here” in the error message and thought maybe you actually had used that.

Sorry.

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Mi Ke
Sent: Wednesday, June 20, 2012 12:20 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] gateway registration using TLS

Dear Sean,

It's not that bad - remote_ip, xxx and yyy are only placeholders in my example - actual config has real params ;)

Did you mean that FS will automatically use TLS for registration when I append :5061 to realm value ?

Thanks / MiKe

----- Original Message -----
From: Sean Devoy
Sent: 06/20/12 07:03 PM
To: 'FreeSWITCH Users Help'
Subject: Re: [Freeswitch-users] gateway registration using TLS

Mi Ke,

You should put your actual remote provider’s domain name or IP address in where it says “remote_ip_here” and I assume you have entered your actual username and password where it says “yyy” and “zzz”.

It should look SIMILAR to this, but with your provider: <param name="realm" value="sip.voipinnovations.com:5061"/>

Hope that helps,

Sean

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Mi Ke
Sent: Wednesday, June 20, 2012 11:46 AM
To: Freeswitch Users
Subject: [Freeswitch-users] gateway registration using TLS

Hi All,

Is it possible to explicitly tell sofia to register as a client using TLS? Here's my TLS-related part of sofia config:

        <profiles>
            <profile name="external">
                <domains>
                    <domain name="all" alias="true" parse="false"/>
                </domains>
                <gateways>
                        <gateway name="xxx">
                                  <param name="register" value="true"/>
                                  <param name="username" value="yyy"/>
                                  <param name="realm" value="remote_ip_here:5061"/>
                                  <param name="password" value="zzz"/>
                                  <param name="register-transport" value="tcp"/>
                                  <param name="expire-seconds" value="3600"/>
                                  <param name="retry-seconds" value="60" />
                         </gateway>
                </gateways>
                <settings>
                       ...
                       <param name="context" value="external"/>
                       <param name="sip-port" value="5060"/>
                       <param name="tls" value="true"/>
                       <param name="tls-only" value="false"/>
                       <param name="tls-bind-params" value="transport=tls"/>
                       <param name="contact-params" value="tport=tcp"/>
                       <param name="tls-version" value="sslv23"/>
                       <param name="tls-cert-dir" value="/usr/local/freeswitch/conf/ssl"/>
                       <param name="tls-sip-port" value="5061"/>
                       <param name="dialplan" value="XML"/>
                       ...

                </settings>
            </profile>
        </profiles>

But that does not work...

tport_connected(0x7f9b44014110): events CONNECTED
tport_send_event(0x7f9b44014110) - ready to send to (tcp/remote_ip_here:5061)
tport_vsend(0x7f9b44014110): 600 bytes of 600 to tcp/remote_ip_here:5061
tport_vsend returned 600
tport_set_events(0x7f9b44014110): events IN
tport(0x7f9b44014110): reset timer
tport_wakeup(0x7f9b44014110): events IN HUP ERR
tport_release(0x7f9b44014110): 0x7f9b4401a460 by 0x7f9b4402ca70 with (nil)
nta: REGISTER (29733430): Connection reset by peer (104) with tcp/[remote_ip_here]:5061
nua(0x7f9b440196a0): event r_register 503 Service Unavailable

Any ideas what I'm doing wrong?

Thanks / MiKe
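The mismatch visible in this thread (a gateway whose realm points at port 5061 while `register-transport` is `tcp`, producing a REGISTER with `transport=tcp` and a `SIP/2.0/TCP` Via) can be caught before the peer resets the connection. The Python check below is an added example, not code from the thread or from FreeSWITCH; it assumes that `tls` is the `register-transport` value for TLS registration and that an unset value defaults to `udp`, neither of which the thread itself states, and its sample inputs are constructed from the posted config and REGISTER.

```python
import re
import xml.etree.ElementTree as ET

TLS_PORT = "5061"  # SIP-over-TLS port used in the thread

# Constructed sample: the gateway from the thread, placeholders kept as posted.
SAMPLE_PROFILE = """
<profile name="external">
  <gateways>
    <gateway name="xxx">
      <param name="realm" value="remote_ip_here:5061"/>
      <param name="register-transport" value="tcp"/>
    </gateway>
  </gateways>
</profile>
"""

# Constructed sample: first lines of the REGISTER quoted in the thread.
SAMPLE_REGISTER = (
    "REGISTER sip:server_ip:5061;transport=tcp SIP/2.0\r\n"
    "Via: SIP/2.0/TCP our_ip;branch=z9hG4bKXK27gKtt61X9a\r\n"
    "Content-Length: 0\r\n\r\n"
)

def lint_gateways(profile_xml):
    """Return (gateway, realm, transport) where the realm targets the TLS port without tls."""
    findings = []
    for gw in ET.fromstring(profile_xml).iter("gateway"):
        params = {p.get("name"): p.get("value", "") for p in gw.iter("param")}
        realm = params.get("realm", "")
        # Assumption: an unset register-transport falls back to udp.
        transport = params.get("register-transport", "udp").lower()
        if realm.rsplit(":", 1)[-1] == TLS_PORT and transport != "tls":
            findings.append((gw.get("name"), realm, transport))
    return findings

def register_is_plaintext(raw):
    """True when a captured REGISTER declares a non-TLS transport in its URI or Via."""
    lines = raw.split("\r\n")
    uri_transport = re.search(r";transport=(\w+)", lines[0])
    via = next((l for l in lines[1:] if l.lower().startswith("via:")), "")
    via_proto = re.search(r"SIP/2\.0/(\w+)", via)
    declared = {m.group(1).lower() for m in (uri_transport, via_proto) if m}
    return bool(declared) and "tls" not in declared

if __name__ == "__main__":
    for name, realm, transport in lint_gateways(SAMPLE_PROFILE):
        print(f"gateway {name}: realm {realm} but register-transport={transport}")
    print("plaintext REGISTER:", register_is_plaintext(SAMPLE_REGISTER))
```

A REGISTER that can be read as text off the wire at all was not sent inside TLS, so the second check is meant for captures taken on the path to the TLS port.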