[Freeswitch-users] TLS and 5061 doesn't seem to work

Thomas lists at virtues.net
Tue Sep 15 00:55:44 MSD 2015 

The "none" option for the policy is part of the old standard config, no idea why it doesn't work (anymore?). Seen that 
error a lot, but it never prevented the profile from setting up the socket.

You sure none of these ports are already in use? (netstat -lpn) Does the box have an IPv6 interface? Is 159.122.89.10 
configured on any interface?

If you did not get this error and the SIP profiles were loading properly before your TLS changes, revert and do it step 
by step. You can issue a "reload mod_sofia" to test the new config without restarting FS.


On 14.09.2015 17:21, Michael Nielsen wrote:
> none, but I've also tried with in.
>
> On Monday, September 14, 2015, Ítalo Rossi <italo at freeswitch.org <mailto:italo at freeswitch.org>> wrote:
>
>     What you have in your tls-verify-policy ?
>
>     Check the valid values here:
>     https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-Settings
>
>     On Mon, Sep 14, 2015 at 10:23 AM, Michael Nielsen <mic.niel84 at gmail.com
>     <javascript:_e(%7B%7D,'cvml','mic.niel84 at gmail.com');>> wrote:
>
>         When doing so I get the following error in fs_cli:
>
>         2015-09-14 08:23:24.120749 [ERR] sofia_glue.c:329 Invalid tls-verify-policy value: none
>
>         2015-09-14 08:23:24.160528 [ERR] sofia.c:2935 Error Creating SIP UA for profile: internal-ipv6
>         (sip:mod_sofia@[::1]:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)
>
>         2015-09-14 08:23:24.180781 [ERR] sofia.c:2935 Error Creating SIP UA for profile: internal
>         (sip:mod_sofia at 159.122.89.10:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)
>
>
>         And then sofia status only shows port 5080 running...
>
>         On Mon, Sep 14, 2015 at 9:01 AM, Michael Nielsen <mic.niel84 at gmail.com
>         <javascript:_e(%7B%7D,'cvml','mic.niel84 at gmail.com');>> wrote:
>
>             I'm running this clean installation of FS:
>             https://github.com/voxserv/freeswitch_conf_minimal
>
>             Everything seems to work and I would now like to add TLS and SRTP encryption - for use on public WiFi and
>             such.
>
>             I've tried the following from this http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption:
>
>             ./gentls_cert setup -cnpbx.freeswitch.org <http://pbx.freeswitch.org>  -alt DNS:pbx.freeswitch.org <http://pbx.freeswitch.org>  -orgfreeswitch.org <http://freeswitch.org>
>             ./gentls_cert create_server -cnpbx.freeswitch.org <http://pbx.freeswitch.org>  -alt DNS:pbx.freeswitch.org <http://pbx.freeswitch.org>  -orgfreeswitch.org <http://freeswitch.org>
>
>             And in vars.xml:
>
>             <X-PRE-PROCESS cmd="set" data="sip_tls_version=sslv23"/>
>             <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>
>             Of course with my own domain when generating certificates.
>
>             Restarting FS and trying to connect to 5061 over TLS doesn't work.
>             Looking in fs_cli with debug 7 doesn't output anything when the client tries to connect.
>
>             How to debug or does anyone know what's wrong? My certificates are generated automatically in /usr/conf/ssl.
>
>
>
>         _________________________________________________________________________
>         Professional FreeSWITCH Consulting Services:
>         consulting at freeswitch.org <javascript:_e(%7B%7D,'cvml','consulting at freeswitch.org');>
>         http://www.freeswitchsolutions.com
>
>         Official FreeSWITCH Sites
>         http://www.freeswitch.org
>         http://confluence.freeswitch.org
>         http://www.cluecon.com
>
>         FreeSWITCH-users mailing list
>         FreeSWITCH-users at lists.freeswitch.org <javascript:_e(%7B%7D,'cvml','FreeSWITCH-users at lists.freeswitch.org');>
>         http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>         UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>         http://www.freeswitch.org
>
>
>
>
>     -- 
>     Ítalo Rossi
>     italo at freeswitch.org <javascript:_e(%7B%7D,'cvml','italo at freeswitch.org');>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150914/6f4c9e19/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list