[OpenSIPS-Users] MS Teams and SBC integration
Bogdan-Andrei Iancu
bogdan at opensips.org
Mon Mar 10 07:33:21 UTC 2025
Hi,
For the incoming TLS connections, the right TLS server domain is
selected based either on the IP address (of OpenSIPS's listener), either
on the SIP domain (if SNI is used).
So, maybe SNI is not used in your case, so you should define a
match_ip_address:
https://opensips.org/html/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 07.03.2025 23:10, Thiago Lopes via Users wrote:
> Hi everyone,
>
> I'm trying to integrate Ms Teams and Opensips and I'm having some
> problems.
>
> I tried to use self signed and Letsencrypt certificates, with no
> success. I always receive a ''no TLS client domain found'.
>
> /usr/sbin/opensips[505412]: ERROR:proto_tls:proto_tls_conn_init: no
> TLS client domain found
> /usr/sbin/opensips[505412]: ERROR:core:tcp_conn_create: failed to do
> proto 3 specific init for conn 0x7f7220f343b0
> /usr/sbin/opensips[505412]: ERROR:core:tcp_async_connect:
> tcp_conn_create failed
>
> Here my opensips.cfg:
>
> loadmodule "tls_mgm.so"
>
> /*#first the server domain */
> modparam("tls_mgm", "server_domain", "default")
> modparam("tls_mgm", "certificate",
> "[default]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem
> <http://sbc.mydomain.com/fullchain.pem>")
> modparam("tls_mgm", "private_key",
> "[default]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem
> <http://sbc.mydomain.com/privkey.pem>")
> modparam("tls_mgm", "ca_list",
> "[default]/etc/letsencrypt/live/sbc.mydomain.com/inter.pem
> <http://sbc.mydomain.com/inter.pem>")
> modparam("tls_mgm", "match_sip_domain", "[default]sbc.mydomain.com
> <http://sbc.mydomain.com>")
> modparam("tls_mgm", "verify_cert", "[default]0")
> #modparam("tls_mgm", "require_cert", "[default]1")
> #modparam("tls_mgm", "ciphers_list", "[default]AES128-SHA256:AES256-SHA")
> modparam("tls_mgm", "tls_method", "[default]SSLv23")
>
>
> # #and the client domain
> modparam("tls_mgm", "client_domain", "client")
> modparam("tls_mgm", "certificate",
> "[client]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem
> <http://sbc.mydomain.com/fullchain.pem>")
> modparam("tls_mgm", "private_key",
> "[client]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem
> <http://sbc.mydomain.com/privkey.pem>")
> modparam("tls_mgm", "ca_list",
> "[client]/etc/letsencrypt/live/sbc.mydomain.com/inter.pem
> <http://sbc.mydomain.com/inter.pem>")
> #modparam("tls_mgm", "ca_dir",
> "[client]/etc/letsencrypt/live/sbc.mydomain.com/
> <http://sbc.mydomain.com/>")
> modparam("tls_mgm", "match_sip_domain", "[client]sbc.mydomain.com
> <http://sbc.mydomain.com>")
>
> modparam("tls_mgm", "verify_cert", "[client]0")
> # modparam("tls_mgm", "require_cert", "[client]1")
> # modparam("tls_mgm", "ciphers_list", "[client]AES128-SHA256:AES256-SHA")
> modparam("tls_mgm", "tls_method", "[client]SSLv23")
>
> I also changed the certificates, using self signed in "server domain"
> only or "client domain" only. Same result.
>
> Using the openssl the verify the certificates, I receive a OK in console:
>
> fullchain.pem: OK
>
> The inter.pem is the file with the root and intermediate Letsencrypt
> certificates.
>
> On the Ms Teams side, I checked the FQDN used, checked the firewall
> ports etc.
>
> I followed this tutorial:
> https://blog.opensips.org/2019/09/16/opensips-as-ms-teams-sbc/ , so
> I'm using the Dynamic Routing module to send the OPTIONS packet. The
> opensips start the communication using TLS, I see the packets using
> TLS in 5061 port, but when Opensips will answer, this message appears
> on the console and the connection is closed.
>
> /usr/sbin/opensips[505398]: ERROR:tm:t_uac: attempt to send to
> 'sip:sip.pstnhub.microsoft.com <http://sip.pstnhub.microsoft.com>' failed
> /usr/sbin/opensips[505398]: ERROR:proto_tls:proto_tls_conn_init: no
> TLS client domain found
> /usr/sbin/opensips[505398]: ERROR:core:tcp_conn_create: failed to do
> proto 3 specific init for conn 0x7f7220f4df40
>
> What I'm not seeing? Did someone pass through this problem?
> Best regards
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20250310/7aa9a59e/attachment.html>
More information about the Users
mailing list