[OpenSIPS-Users] MS team issue

Carlos Eduardo kaduww at gmail.com
Mon May 10 14:06:51 EST 2021


Hey all,

About using the right certificate, is it possible to ensure opensips is
going to use the right one when multiple are set in tls_mgm?

On Mon, May 10, 2021 at 04:41, Răzvan Crainea <razvan at opensips.org>
wrote:

> Hi, Miha!
>
> According to your logs, opensips is 100% sending the OPTIONS through
> tls, but I am not sure it is using the right certificate.
> You can try to set up sip trace and see the communication between
> opensips and MSTeams.
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Core Developer
> http://www.opensips-solutions.com
>
> On 5/10/21 9:54 AM, Miha via Users wrote:
> > Hello
> >
> > I have used letsencrypt for generating certs for Opensips.
> >
> > Regarding configuration, I have followed your configuration steps on
> > the OpenSIPS blog.
> >
> > socket=udp:xxx.xxx.xxx.xxx:5060   # CUSTOMIZE ME
> > socket=tls:xxx.xxx.xxx.xxx:5061
> >
> >
> >
> >
> > ### Proto TLS
> > loadmodule "proto_tls.so"
> > modparam("proto_tls", "tls_handshake_timeout", 300)
> > #### TLS module
> > loadmodule "tls_mgm.so"
> > #modparam("tls_mgm", "db_url", "mysql://root:xxxx@localhost/opensips")
> > modparam("tls_mgm", "client_sip_domain_avp", "mtsbcs.test.com")
> > modparam("tls_mgm", "server_domain", "mt")
> > #modparam("tls_mgm", "match_ip_address", "[mt]xxx.xxx.xxx.xxx:5061")
> > #modparam("tls_mgm", "match_sip_domain", "[mt]mtsbcs.test.com")
> > modparam("tls_mgm", "certificate", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
> > modparam("tls_mgm", "private_key", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
> > modparam("tls_mgm", "ca_list", "[mt]/etc/ssl/certs/ca-certificates.crt")
> > modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")
> > modparam("tls_mgm","verify_cert", "[mt]1")
> > modparam("tls_mgm","require_cert", "[mt]1")
> > modparam("tls_mgm","tls_method", "[mt]TLSv1_2")
> > modparam("proto_tls", "tls_max_msg_chunks", 8)
> > #modparam("tls_mgm", "tls_handshake_timeout", 300)
> >
> >          if(is_method("OPTIONS") && is_domain_local("$rd") && check_source_address(0)) {
> >                  xlog("L_INFO", "[MS TEAMS] OPTIONS In");
> >                  send_reply(200, "OK");
> >                  exit;
> >          }
> >
> >
> > local_route {
> >    $var(dst) = "pstnhub.microsoft.com";
> >    xlog("L_INFO","promding TEST");
> >    xlog("TESTING");
> >    if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)}) != NULL))
> >      append_hf("Contact: <sip:mtsbcs.test.com:5061;transport=tls>\r\n");
> >      xlog("L_INFO", "SEDING OPTIONS TO SBC");
> > }
> >
> >
> > I think that the main issue is that OPENSIPS does not send encrypted
> > OPTION to MS teams.
> >
> > Logs:
> >
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac:
> > next_hop=<sip:sip.pstnhub.microsoft.com>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS
> lookup...
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no port,
> > has proto -> do SRV lookup!
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: resolving
> > [sip.pstnhub.microsoft.com]
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup:
> > SRV(_sips._tcp.sip.pstnhub.microsoft.com) =
> sip.pstnhub.microsoft.com:5061
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
> > sip2.pstnhub.microsoft.com:5061
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
> > sip3.pstnhub.microsoft.com:5061
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket is
> > 212.13.249.132
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri:
> > sip:sip.pstnhub.microsoft.com
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: building
> > sip_msg from buffer
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP Request:
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: method:
> <OPTIONS>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: uri:
> > <sip:sip.pstnhub.microsoft.com>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: version:
> <SIP/2.0>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> > flags=ffffffffffffffff
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param: found
> > param type 232, <branch> = <z9hG4bK8d8a.3706b135.0>; state=16
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of header
> > reached, state=5
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via found,
> > flags=ffffffffffffffff
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this is
> > the first via
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of header
> > reached, state=9
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: display={},
> > ruri={sip:sip.pstnhub.microsoft.com}
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: <To> [31];
> > uri=[sip:sip.pstnhub.microsoft.com]
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to body
> > [sip:sip.pstnhub.microsoft.com#015#012]
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq
> > <CSeq>: <14> <OPTIONS>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field:
> > content_length=0
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: found end
> > of header
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> > flags=ffffffffffffffff
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=78
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> > flags=ffffffffffffffff
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: Change in
> > local route -> rebuilding buffer
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> > flags=ffffffffffffffff
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: flags =
> 15
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 2
> > extracted as <To: sip:sip.pstnhub.microsoft.com#015#012>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 1
> > extracted as <From:
> > <sip:prober at localhost
> >;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 8
> > extracted as <Call-ID: 12e30be047c27077-1020 at 212.13.249.132#015#012>
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
> > open tcp connection found, opening new one
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> > getsockopt: snd is initially 16384
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> > using snd buffer of 416 kb
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
> > keepalive enabled on socket 5
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
> > new tcp connection to: 52.114.75.24
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
> > 5061, proto 3
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
> > Creating a whole new ssl connection
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
> > destroying connection 0x7f45d7e08078, flags 0018
> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [0]:
> > 0x7f45d7e066b0 (1625)
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer
> > routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler:
> > Cancel sent out, sending 408 (0x7f45d7e06460)
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response:
> > T_code=0, new_code=408
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked
> > branch 0, code 408 (prio=800)
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure:
> > dns-failover test: branch=0, last_recv=408, flags=0
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response:
> > trying DNS-based failover
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new
> > destination available
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
> > May 10 08:53:15 mtsbc opensips[1020]:
> > DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv proto=3
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers:
> > flags=ffffffffffffffff
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
> > open tcp connection found, opening new one
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> > getsockopt: snd is initially 16384
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> > using snd buffer of 416 kb
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
> > keepalive enabled on socket 5
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
> > new tcp connection to: 52.114.132.46
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
> > 5061, proto 3
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
> > Creating a whole new ssl connection
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
> > destroying connection 0x7f45d7e08078, flags 0018
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
> > open tcp connection found, opening new one
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> > getsockopt: snd is initially 16384
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> > using snd buffer of 416 kb
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
> > keepalive enabled on socket 5
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
> > new tcp connection to: 52.114.14.70
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
> > 5061, proto 3
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
> > Creating a whole new ssl connection
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
> > destroying connection 0x7f45d7e08078, flags 0018
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: branch=0,
> > save=0, winner=0
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local
> > transaction completed
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks:
> > trans=0x7f45d7e06460, callback type 256, id 0 entered
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [2]:
> > 0x7f45d7e064e0 (1630)
> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: done
> >
> >
> >
> > Thank you
> > miha
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>


-- 
*Carlos E. Wagner*
*Telecommunications Technologist, Opensips Certified Professional*

*Phone: +55 48 99981-0894*
*E-mail:* kaduww at gmail.com
*LinkedIn:* https://www.linkedin.com/in/carlos-eduardo-wagner-96bbb433/
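
Added example, not part of any post in this thread: a Python summary of the outbound connection lines in the quoted debug log, showing what they establish (destination, port, transport) and whether any line names the certificate in use. The sample lines are condensed from the quoted log with mail wrapping removed, and the `proto` number mapping is an assumption about OpenSIPS's transport ids.

```python
import re

# OpenSIPS transport ids as printed after "proto" (assumed mapping; confirm for your version).
PROTO = {1: "udp", 2: "tcp", 3: "tls"}

# Constructed sample: lines condensed from the debug log quoted in this thread, mail wrapping removed.
SAMPLE_LOG = """\
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: SRV(_sips._tcp.sip.pstnhub.microsoft.com) = sip.pstnhub.microsoft.com:5061
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.75.24
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked branch 0, code 408 (prio=800)
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.132.46
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
"""

LINE = re.compile(r"^\w{3} +\d+ (\d\d:\d\d:\d\d) \S+ opensips\[\d+\]: DBG:(\w+):(\w+): (.*)$")

def summarize(log):
    """Return outbound connection attempts, picked reply codes, and how many lines mention a certificate."""
    attempts, replies, cert_lines = [], [], 0
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, module, func, msg = m.groups()
        port = re.search(r"on port (\d+), proto (\d+)", msg)
        code = re.search(r"code (\d+)", msg)
        if func == "print_ip" and "new tcp connection to:" in msg:
            attempts.append({"time": ts, "ip": msg.split()[-1], "port": None,
                             "proto": None, "tls_init": False})
        elif func == "tcpconn_new" and port and attempts:
            attempts[-1]["port"] = int(port.group(1))
            attempts[-1]["proto"] = PROTO.get(int(port.group(2)), port.group(2))
        elif (module, func) == ("proto_tls", "tls_conn_init") and attempts:
            attempts[-1]["tls_init"] = True
        elif func == "t_pick_branch" and code:
            replies.append(int(code.group(1)))
        if "certificate" in msg.lower():
            cert_lines += 1
    return {"attempts": attempts, "replies": replies, "cert_lines": cert_lines}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for a in result["attempts"]:
        print(a)
    print("reply codes:", result["replies"], "| lines naming a certificate:", result["cert_lines"])
```

A `cert_lines` count of 0 means the transport is visible at this debug level but the certificate presented is not, so that has to come from a trace of the handshake itself.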