[OpenSIPS-Users] MS team issue
Nick Altmann
nick at altmann.pro
Mon May 10 14:41:44 EST 2021
Yes. You can use avp for this.
https://opensips.org/docs/modules/3.1.x/tls_mgm.html#param_client_sip_domain_avp
--
Nick
On Mon, May 10, 2021 at 16:09, Carlos Eduardo <kaduww at gmail.com> wrote:
> Hey all,
>
> About using the right certificate, is it possible to ensure opensips is
> going to use the right one when multiple are set in tls_mgm?
>
> On Mon, May 10, 2021 at 04:41, Răzvan Crainea <razvan at opensips.org>
> wrote:
>
>> Hi, Miha!
>>
>> According to your logs, opensips is 100% sending the OPTIONS through
>> tls, but I am not sure it is using the right certificate.
>> You can try to setup sip trace and see the communication between
>> opensips and MSTeams.
>>
>> Best regards,
>>
>> Răzvan Crainea
>> OpenSIPS Core Developer
>> http://www.opensips-solutions.com
>>
>> On 5/10/21 9:54 AM, Miha via Users wrote:
>> > Hello
>> >
>> > I have used letsencrypt for generating certs for Opensips.
>> >
>> > Regarding configuration I have followed your configuration steps on
>> > OpenSips blog.
>> >
>> > socket=udp:xxx.xxx.xxx.xxx:5060 # CUSTOMIZE ME
>> > socket=tls:xxx.xxx.xxx.xxx:5061
>> >
>> >
>> >
>> >
>> > ### Proto TLS
>> > loadmodule "proto_tls.so"
>> > modparam("proto_tls", "tls_handshake_timeout", 300)
>> > #### TLS module
>> > loadmodule "tls_mgm.so"
>> > #modparam("tls_mgm", "db_url", "mysql://root:xxxx@localhost/opensips")
>> > modparam("tls_mgm", "client_sip_domain_avp", "mtsbcs.test.com")
>> > modparam("tls_mgm", "server_domain", "mt")
>> > #modparam("tls_mgm", "match_ip_address", "[mt]xxx.xxx.xxx.xxx:5061")
>> > #modparam("tls_mgm", "match_sip_domain", "[mt]mtsbcs.test.com")
>> > modparam("tls_mgm", "certificate",
>> > "[mt]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
>> > modparam("tls_mgm", "private_key",
>> > "[mt]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
>> > modparam("tls_mgm", "ca_list", "[mt]/etc/ssl/certs/ca-certificates.crt")
>> > modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")
>> > modparam("tls_mgm","verify_cert", "[mt]1")
>> > modparam("tls_mgm","require_cert", "[mt]1")
>> > modparam("tls_mgm","tls_method", "[mt]TLSv1_2")
>> > modparam("proto_tls", "tls_max_msg_chunks", 8)
>> > #modparam("tls_mgm", "tls_handshake_timeout", 300)
>> >
>> > if(is_method("OPTIONS") && is_domain_local("$rd") &&
>> > check_source_address(0)) {
>> > xlog("L_INFO", "[MS TEAMS] OPTIONS In");
>> > send_reply(200, "OK");
>> > exit;
>> > }
>> >
>> >
>> > local_route {
>> > $var(dst) = "pstnhub.microsoft.com";
>> > xlog("L_INFO","promding TEST");
>> > xlog("TESTING");
>> > if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)}) != NULL))
>> > append_hf("Contact: <sip:mtsbcs.test.com:5061;transport=tls>\r\n");
>> > xlog("L_INFO", "SEDING OPTIONS TO SBC");
>> > }
>> >
>> >
>> > I think that the main issue is that OPENSIPS does not send encrypted
>> > OPTION to MS teams.
>> >
>> > Logs:
>> >
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac:
>> > next_hop=<sip:sip.pstnhub.microsoft.com>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS
>> lookup...
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no
>> port,
>> > has proto -> do SRV lookup!
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: resolving
>> > [sip.pstnhub.microsoft.com]
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup:
>> > SRV(_sips._tcp.sip.pstnhub.microsoft.com) =
>> sip.pstnhub.microsoft.com:5061
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
>> > sip2.pstnhub.microsoft.com:5061
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
>> > sip3.pstnhub.microsoft.com:5061
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket is
>> > 212.13.249.132
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri:
>> > sip:sip.pstnhub.microsoft.com
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: building
>> > sip_msg from buffer
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP Request:
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: method:
>> <OPTIONS>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: uri:
>> > <sip:sip.pstnhub.microsoft.com>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: version:
>> <SIP/2.0>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
>> > flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param: found
>> > param type 232, <branch> = <z9hG4bK8d8a.3706b135.0>; state=16
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of header
>> > reached, state=5
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via
>> found,
>> > flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this is
>> > the first via
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of header
>> > reached, state=9
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: display={},
>> > ruri={sip:sip.pstnhub.microsoft.com}
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: <To>
>> [31];
>> > uri=[sip:sip.pstnhub.microsoft.com]
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to body
>> > [sip:sip.pstnhub.microsoft.com#015#012
>> <http://sip.pstnhub.microsoft.com#015%23012>]
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq
>> > <CSeq>: <14> <OPTIONS>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field:
>> > content_length=0
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: found end
>> > of header
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
>> > flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=78
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
>> > flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: Change in
>> > local route -> rebuilding buffer
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
>> > flags=ffffffffffffffff
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: flags
>> = 15
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 2
>> > extracted as <To: sip:sip.pstnhub.microsoft.com#015#012
>> <http://sip.pstnhub.microsoft.com#015%23012>>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 1
>> > extracted as <From:
>> > <sip:prober at localhost
>> >;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 8
>> > extracted as <Call-ID: 12e30be047c27077-1020 at 212.13.249.132#015#012
>> <http://12e30be047c27077-1020@212.13.249.132#015%23012>>
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
>> > open tcp connection found, opening new one
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
>> > getsockopt: snd is initially 16384
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
>> > using snd buffer of 416 kb
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
>> > keepalive enabled on socket 5
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
>> > new tcp connection to: 52.114.75.24
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
>> > 5061, proto 3
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
>> > Creating a whole new ssl connection
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
>> > destroying connection 0x7f45d7e08078, flags 0018
>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [0]:
>> > 0x7f45d7e066b0 (1625)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer
>> > routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler:
>> > Cancel sent out, sending 408 (0x7f45d7e06460)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response:
>> > T_code=0, new_code=408
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked
>> > branch 0, code 408 (prio=800)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure:
>> > dns-failover test: branch=0, last_recv=408, flags=0
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response:
>> > trying DNS-based failover
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new
>> > destination available
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
>> > May 10 08:53:15 mtsbc opensips[1020]:
>> > DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv proto=3
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers:
>> > flags=ffffffffffffffff
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
>> > open tcp connection found, opening new one
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
>> > getsockopt: snd is initially 16384
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
>> > using snd buffer of 416 kb
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
>> > keepalive enabled on socket 5
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
>> > new tcp connection to: 52.114.132.46
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
>> > 5061, proto 3
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
>> > Creating a whole new ssl connection
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
>> > destroying connection 0x7f45d7e08078, flags 0018
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
>> > open tcp connection found, opening new one
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
>> > getsockopt: snd is initially 16384
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
>> > using snd buffer of 416 kb
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
>> > keepalive enabled on socket 5
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
>> > new tcp connection to: 52.114.14.70
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
>> > 5061, proto 3
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
>> > Creating a whole new ssl connection
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
>> > destroying connection 0x7f45d7e08078, flags 0018
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: branch=0,
>> > save=0, winner=0
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local
>> > transaction completed
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks:
>> > trans=0x7f45d7e06460, callback type 256, id 0 entered
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [2]:
>> > 0x7f45d7e064e0 (1630)
>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler:
>> done
>> >
>> >
>> >
>> > Thank you
>> > miha
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >
>>
>>
>
>
> --
> *Carlos E. Wagner*
> *Telecommunications Technologist, Opensips Certified Professional*
>
> *Phone: +55 48 99981-0894*
> *E-mail:* kaduww at gmail.com
> *LinkedIn:* https://www.linkedin.com/in/carlos-eduardo-wagner-96bbb433/
>
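
Added example, not part of the original thread and not the posters' configuration: one way to pin the certificate used for outbound TLS with `client_sip_domain_avp`, which takes the name of an AVP (not a hostname) whose value is matched against each client domain's `match_sip_domain` filter. The AVP name `tls_sip_dom`, the domain names `teams` and `carrier`, the `carrier` hostname and paths, and the route name `to_teams` are assumptions; the `mtsbcs.test.com` hostname and Let's Encrypt paths are reused from the quoted configuration.

```opensips
loadmodule "tls_mgm.so"

# AVP consulted when OpenSIPS opens an outbound TLS connection.
# The parameter value is an AVP *name*; the SIP domain goes into the AVP at runtime.
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")

# Client domain used towards MS Teams (domain name "teams" is an assumption).
modparam("tls_mgm", "client_domain", "teams")
modparam("tls_mgm", "match_ip_address", "[teams]*")
modparam("tls_mgm", "match_sip_domain", "[teams]mtsbcs.test.com")
modparam("tls_mgm", "certificate", "[teams]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
modparam("tls_mgm", "private_key", "[teams]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[teams]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[teams]1")
modparam("tls_mgm", "tls_method", "[teams]TLSv1_2")

# Second client domain with a different certificate (all values are placeholders).
modparam("tls_mgm", "client_domain", "carrier")
modparam("tls_mgm", "match_ip_address", "[carrier]*")
modparam("tls_mgm", "match_sip_domain", "[carrier]carrier.example.com")
modparam("tls_mgm", "certificate", "[carrier]/etc/opensips/tls/carrier/cert.pem")
modparam("tls_mgm", "private_key", "[carrier]/etc/opensips/tls/carrier/privkey.pem")
modparam("tls_mgm", "ca_list", "[carrier]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[carrier]1")
modparam("tls_mgm", "tls_method", "[carrier]TLSv1_2")

# Hypothetical route for traffic towards MS Teams (assumes the tm module is loaded).
route[to_teams] {
    # Select the "teams" client domain: this value matches its match_sip_domain.
    # It must be set before the request is sent, i.e. before the connection is opened.
    $avp(tls_sip_dom) = "mtsbcs.test.com";
    $du = "sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    t_relay();
}
```

With `verify_cert` enabled on the client domain, the peer's certificate is checked against `ca_list` during the handshake, so a wrong CA bundle shows up as a handshake failure rather than a silent downgrade.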