[Freeswitch-users] TLS and 5061 doesn't seem to work

Brian West brian at freeswitch.org
Tue Sep 15 00:24:01 MSD 2015


wss-binding is set and no wss.pem can be generated due to permissions or
its utterly broken.

On Mon, Sep 14, 2015 at 3:21 PM, Michael Nielsen <mic.niel84 at gmail.com>
wrote:

> none, but I've also tried with in.
>
>
> On Monday, September 14, 2015, Ítalo Rossi <italo at freeswitch.org> wrote:
>
>> What you have in your tls-verify-policy ?
>>
>> Check the valid values here:
>> https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-Settings
>>
>> On Mon, Sep 14, 2015 at 10:23 AM, Michael Nielsen <mic.niel84 at gmail.com>
>> wrote:
>>
>>> When doing so I get the following error in fs_cli:
>>>
>>> 2015-09-14 08:23:24.120749 [ERR] sofia_glue.c:329 Invalid
>>> tls-verify-policy value: none
>>>
>>> 2015-09-14 08:23:24.160528 [ERR] sofia.c:2935 Error Creating SIP UA for
>>> profile: internal-ipv6 (sip:mod_sofia@[::1]:5060;transport=udp,tcp)
>>> ATTEMPT 1 (RETRY IN 5 SEC)
>>>
>>> 2015-09-14 08:23:24.180781 [ERR] sofia.c:2935 Error Creating SIP UA for
>>> profile: internal (sip:mod_sofia at 159.122.89.10:5060;transport=udp,tcp)
>>> ATTEMPT 1 (RETRY IN 5 SEC)
>>>
>>> And then sofia status only shows port 5080 running...
>>>
>>> On Mon, Sep 14, 2015 at 9:01 AM, Michael Nielsen <mic.niel84 at gmail.com>
>>> wrote:
>>>
>>>> I'm running this clean installation of FS:
>>>> https://github.com/voxserv/freeswitch_conf_minimal
>>>>
>>>> Everything seems to work and I would now like to add TLS and SRTP
>>>> encryption - for use on public WiFi and such.
>>>>
>>>> I've tried the following from this
>>>> http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption:
>>>>
>>>> ./gentls_cert setup -cn pbx.freeswitch.org -alt DNS:pbx.freeswitch.org -org freeswitch.org
>>>> ./gentls_cert create_server -cn pbx.freeswitch.org -alt DNS:pbx.freeswitch.org -org freeswitch.org
>>>>
>>>> And in vars.xml:
>>>>
>>>> <X-PRE-PROCESS cmd="set" data="sip_tls_version=sslv23"/>
>>>> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>>>>
>>>> Of course with my own domain when generating certificates.
>>>>
>>>> Restarting FS and trying to connect to 5061 over TLS doesn't work.
>>>> Looking in fs_cli with debug 7 doesn't output anything when the client
>>>> tries to connect.
>>>>
>>>> How to debug or does anyone know what's wrong? My certificates are
>>>> generated automatically in /usr/conf/ssl.
>>>>
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>> Ítalo Rossi
>> italo at freeswitch.org
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150914/218804f6/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list