[OpenSIPS-Users] why tls not enable
Bogdan-Andrei Iancu
bogdan at opensips.org
Fri Jan 22 10:24:10 CET 2016
Hi,
You have there something terrible wrong.
If the startup logs show:
Listening on
udp: 125.227.130.1 [125.227.130.1]:5060
udp: 125.227.130.1 [125.227.130.1]:3478
tls: 125.227.130.1 [125.227.130.1]:5061
, why do you see on netstat a completely different IP :
root at 125-227-130-1:~# netstat -lnp | grep opensips
udp 0 0 127.0.0.1:5060 <http://127.0.0.1:5060> 0.0.0.0:*
1443/opensips
?????
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 22.01.2016 06:26, chiu ching cheng wrote:
> Dear Bogdan:
>
> netstat -tuln | grep 5060
> tcp 0 0 0.0.0.0:25060 <http://0.0.0.0:25060> 0.0.0.0:*
> LISTEN
> udp 0 0 127.0.0.1:5060 <http://127.0.0.1:5060> 0.0.0.0:*
> root at 125-227-130-1:~# netstat -lnp | grep opensips
> udp 0 0 127.0.0.1:5060 <http://127.0.0.1:5060> 0.0.0.0:*
> 1443/opensips
> root at 125-227-130-1:~# netstat -apn | grep opensips
> udp 0 0 127.0.0.1:5060 <http://127.0.0.1:5060> 0.0.0.0:*
> 1443/opensips
> unix 2 [ ] DGRAM 10588 1443/opensips
> unix 2 [ ] DGRAM 10590 1443/opensips
>
> root at 125-227-130-1:~# netstat -tuln | grep 5060
> tcp 0 0 0.0.0.0:25060 <http://0.0.0.0:25060> 0.0.0.0:*
> LISTEN
> udp 0 0 127.0.0.1:5060 <http://127.0.0.1:5060> 0.0.0.0:*
> root at 125-227-130-1:~# netstat -tuln | grep 5061
> tcp 0 0 0.0.0.0:25061 <http://0.0.0.0:25061> 0.0.0.0:*
> LISTEN
>
> On Tue, Jan 19, 2016 at 6:41 PM, Bogdan-Andrei Iancu
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
> Hi ,
>
> if you do "netstat -lnp | grep opensips" do you see the other 2
> UDP listeners ?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 13.01.2016 03:30, chiu ching cheng wrote:
>> Hello :Bordon
>>
>> Now "opensipsctl start " is ok , and
>>
>> opensips -f /usr/etc/opensips/opensips.cfg
>>
>> Listening on
>> udp: 125.227.130.1 [125.227.130.1]:5060
>> udp: 125.227.130.1 [125.227.130.1]:3478
>> tls: 125.227.130.1 [125.227.130.1]:5061
>> Aliases:
>> *: 125.227.130.1:*
>>
>> But :~# netstat -tuln | grep 5061
>> tcp 0 0 0.0.0.0:25061 <http://0.0.0.0:25061>
>> 0.0.0.0:* LISTEN
>>
>> tls service not start
>>
>> On Tue, Jan 12, 2016 at 4:45 PM, Bogdan-Andrei Iancu
>> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>
>> Hi,
>>
>> Try to manually start "opensips -f /path/to/opensips.cfg"
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 12.01.2016 08:56, chiu ching cheng wrote:
>>> Hello Bogdan:
>>>
>>> I am start up opensips with "opensipsctl start " , and no
>>> "-f" parameter . In my impression , it would inspect
>>> opensips.cfg configuration for opensipsctl script .
>>>
>>> On Mon, Jan 11, 2016 at 6:06 PM, Bogdan-Andrei Iancu
>>> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>>
>>> Hi,
>>>
>>> I do not contest the correctness of your cfg, but I'm
>>> simply asking if you are 100% sure that your opensips is
>>> using the correct opensips.cfg file ( be sure by
>>> explicitly pointing the file via "-f" startup option).
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>> On 11.01.2016 03:46, chiu ching cheng wrote:
>>>> ----------------------------------------------------
>>>> openssips.cfg
>>>>
>>>> listen=tls:X.X.X.X:5061 # CUSTOMIZE ME
>>>> rev_dns=no
>>>>
>>>> advertised_address="X.X.X.X"
>>>> alias=X.X.X.X
>>>>
>>>>
>>>> loadmodule "proto_udp.so"
>>>>
>>>>
>>>> loadmodule "proto_tls.so"
>>>> modparam("proto_tls","verify_cert", "0")
>>>> modparam("proto_tls","require_cert", "0")
>>>> modparam("proto_tls","tls_method", "TLSv1")
>>>> modparam("proto_tls", "ciphers_list", "NULL")
>>>> modparam("proto_tls","certificate",
>>>> "/usr/local/etc/opensips/tls/user/user-cert.pem")
>>>> modparam("proto_tls","private_key",
>>>> "/usr/local/etc/opensips/tls/user/user-privkey.pem")
>>>> modparam("proto_tls","ca_list",
>>>> "/usr/local/etc/opensips/tls/user/user-calist.pem")
>>>>
>>>>
>>>> On Fri, Jan 8, 2016 at 11:39 PM, Bogdan-Andrei Iancu
>>>> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> Are you sure your opensips is using the proper
>>>> config file (where the TLS interface is defined) ?
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>> OpenSIPS Founder and Developer
>>>> http://www.opensips-solutions.com
>>>>
>>>> On 08.01.2016 12:06, chiu ching cheng wrote:
>>>>> Dear Bordan :
>>>>>
>>>>> netstat -lnp | grep opensips
>>>>> udp 0 0 127.0.0.1:5060
>>>>> <http://127.0.0.1:5060> 0.0.0.0:* 1365/opensips
>>>>>
>>>>> you can find opensips is run , but just enable udp
>>>>> , not tls
>>>>>
>>>>> On Wed, Jan 6, 2016 at 5:24 PM, Bogdan-Andrei
>>>>> Iancu <bogdan at opensips.org
>>>>> <mailto:bogdan at opensips.org>> wrote:
>>>>>
>>>>> Try
>>>>>
>>>>> "netstat -lnp | grep opensips"
>>>>>
>>>>> Regards,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developer
>>>>> http://www.opensips-solutions.com
>>>>>
>>>>> On 06.01.2016 04:26, chiu ching cheng wrote:
>>>>>> Dear Bogdan:
>>>>>>
>>>>>> thanks your reply , but as following , the
>>>>>> sip udp is enable , opensips is enable ,and
>>>>>> log no error . but tls not enable
>>>>>>
>>>>>> I ever install another opensips server which
>>>>>> is behind the firewall and tls work fine ,
>>>>>> but this server is one interface public ip ,
>>>>>> one interface private , I just config one
>>>>>> public ip . I don't know if this caused
>>>>>> failure ( opensips at lease need two ip ?) .
>>>>>>
>>>>>> thanks !
>>>>>>
>>>>>> root at 125-227-130-1:~# netstat -tuln | grep 5061
>>>>>> tcp 0 0 0.0.0.0:25061
>>>>>> <http://0.0.0.0:25061> 0.0.0.0:* LISTEN
>>>>>> root at 125-227-130-1:~# netstat -tuln | grep 5060
>>>>>> tcp 0 0 0.0.0.0:25060
>>>>>> <http://0.0.0.0:25060> 0.0.0.0:* LISTEN
>>>>>> udp 0 0 127.0.0.1:5060
>>>>>> <http://127.0.0.1:5060> 0.0.0.0:*
>>>>>> root at 125-227-130-1:~# ps auxw | grep opensips
>>>>>> root 1466 0.0 0.0 70052 4248 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1467 0.0 0.0 70056 892 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1468 0.4 0.0 70052 464 ? S
>>>>>> 10:12 0:01 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1469 0.0 0.0 70052 464 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1470 0.0 0.0 70052 656 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1471 0.0 0.0 70052 656 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1472 0.0 0.0 70052 656 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1473 0.0 0.0 70052 896 ? S
>>>>>> 10:12 0:00 /usr/local/sbin/opensips -P
>>>>>> /var/run/opensips.pid
>>>>>> root 1731 0.0 0.0 11744 924 pts/0 R+
>>>>>> 10:18 0:00 grep --color=auto opensips
>>>>>>
>>>>>> On Tue, Jan 5, 2016 at 9:54 PM, Bogdan-Andrei
>>>>>> Iancu <bogdan at opensips.org
>>>>>> <mailto:bogdan at opensips.org>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Are you sure opensips is actually started
>>>>>> ? check logs file for error or do "ps
>>>>>> auxw | grep opensips"
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Bogdan-Andrei Iancu
>>>>>> OpenSIPS Founder and Developer
>>>>>> http://www.opensips-solutions.com
>>>>>>
>>>>>> On 28.12.2015 11:19, chiu ching cheng wrote:
>>>>>>> Dear man :
>>>>>>>
>>>>>>> I install opensips 2.1.1 . It's seems ok
>>>>>>> . But I find tls service not start . why
>>>>>>> ? It's strange . Any one can give a
>>>>>>> explain . Thanks .
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> lsb_release -a
>>>>>>> No LSB modules are available.
>>>>>>> Distributor ID:Ubuntu
>>>>>>> Description:Ubuntu 14.04.1 LTS
>>>>>>> Release:14.04
>>>>>>> Codename:trusty
>>>>>>> ------------------------------------------------------
>>>>>>> opensipsctl restart
>>>>>>>
>>>>>>> INFO: Restarting OpenSIPS :
>>>>>>> INFO: stopped
>>>>>>>
>>>>>>> INFO: Starting OpenSIPS :
>>>>>>> INFO: started (pid: 2706)
>>>>>>>
>>>>>>> ----------------------------------------------------
>>>>>>> openssips.cfg
>>>>>>>
>>>>>>> listen=tls:X.X.X.X:5061 # CUSTOMIZE ME
>>>>>>> rev_dns=no
>>>>>>>
>>>>>>> advertised_address="X.X.X.X"
>>>>>>> alias=X.X.X.X
>>>>>>>
>>>>>>>
>>>>>>> loadmodule "proto_udp.so"
>>>>>>>
>>>>>>>
>>>>>>> loadmodule "proto_tls.so"
>>>>>>> modparam("proto_tls","verify_cert", "0")
>>>>>>> modparam("proto_tls","require_cert", "0")
>>>>>>> modparam("proto_tls","tls_method", "TLSv1")
>>>>>>> modparam("proto_tls", "ciphers_list",
>>>>>>> "NULL")
>>>>>>> modparam("proto_tls","certificate",
>>>>>>> "/usr/local/etc/opensips/tls/user/user-cert.pem")
>>>>>>> modparam("proto_tls","private_key",
>>>>>>> "/usr/local/etc/opensips/tls/user/user-privkey.pem")
>>>>>>> modparam("proto_tls","ca_list",
>>>>>>> "/usr/local/etc/opensips/tls/user/user-calist.pem")
>>>>>>>
>>>>>>> ----------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>>> netstat -tuln | grep 5061
>>>>>>> tcp 0 0 0.0.0.0:25061
>>>>>>> <http://0.0.0.0:25061> 0.0.0.0:* LISTEN
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at lists.opensips.org
>>>>>>> <mailto:Users at lists.opensips.org>
>>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160122/54b7b78f/attachment-0001.htm>
More information about the Users
mailing list