<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><br>
</p>
Hi Bogdan,<br>
<br>
This issue is seems to be related to force_send_socket which behaves differently in 1.11 vs 1.7. To make it work, I had to explicitly specify the port and and the proto (for force_send_socket) based on "transport=tls" statement and the direction of the traffic.<br>
<br>
Matt<br>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Bogdan-Andrei Iancu <bogdan@opensips.org><br>
<b>Sent:</b> Monday, August 31, 2015 4:19 PM<br>
<b>To:</b> OpenSIPS users mailling list; Matt Hamilton<br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Indeed, the SIP messages do look ok.<br>
<br>
Could you post the OpenSIPS logs (in debug 4) for processing the NOTIFY request ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a title="Ctrl+Click or tap to follow the link" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 31.08.2015 20:07, Matt Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi Bogdan,</p>
<p><br>
</p>
<p>Pastebin link is <a id="LPlnk865729" href="http://pastebin.com/tM7zqTKX">http://pastebin.com/tM7zqTKX</a></p>
<p><br>
</p>
<p>I included both 1.7.1 and 1.11 captures. I don't see a difference between them other than 1.11 sending the NOTIFY to UAC unencrypted. </p>
<p>Btw, INVITEs seems to be behaving the same way as NOTIFY (don't have a capture for those - I assume the issue is the same).
</p>
<p><br>
</p>
<p>Btw, TLS works fine between Opensips 1.11 and the phone (OK messages, etc. are encrypted). </p>
<p><br>
</p>
<p>Thanks,</p>
<p>Matt<br>
</p>
<p><br>
</p>
<div id="LPBorder_GT_14410401972370.8445848218100495" style="margin-top:20px; margin-bottom:20px; overflow:auto; width:100%">
<table id="LPContainer_14410401972340.5586958453477071" style="border-top:1px solid rgb(204,204,204); border-bottom:1px solid rgb(204,204,204); width:80%; background-color:rgb(255,255,255); overflow:auto">
<tbody>
<tr valign="top">
<td colspan="1" id="ImageCell_14410401972350.25229675325672773" style="width:140px; display:table-cell; padding:0px">
<div id="LPImageContainer_14410401972350.22776678362093794" style="margin-top:12px; background-color:rgb(255,255,255); height:auto; width:140px; display:table">
<a target="_blank" href="http://pastebin.com/tM7zqTKX" id="LPImageAnchor_14410401972360.9279506207725204" style="display:table-cell; text-align:center"><img style="display:inline-block; margin-left:auto; margin-right:auto; max-width:140px; max-height:140px; height:140px; width:140px; border-width:0px" height="140" width="140" src="http://pastebin.com/i/fb2.jpg"></a></div>
</td>
<td>
<div id="LPTitle_14410401972370.6280544602592454" style="">Opensips TLS - Pastebin.com</div>
<div id="LPUrlContainer_14410401972370.2557659588497925" style="margin:8px 14px 10px; height:18px; text-overflow:ellipsis; overflow:hidden; white-space:nowrap">
<a target="_blank" href="http://pastebin.com/tM7zqTKX" id="LPUrlAnchor_14410401972370.691789212973732" style="">Read more...</a></div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<div style="color:rgb(0,0,0)">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Bogdan-Andrei Iancu
<a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Monday, August 31, 2015 5:21 AM<br>
<b>To:</b> OpenSIPS users mailling list; <a class="moz-txt-link-abbreviated" href="mailto:mistral9999@hotmail.com">
mistral9999@hotmail.com</a><br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Can you post of pastebin (or similar) the SIP capture showing the incoming NOTIFY (via UDP) from Asterisk and the outgoing NOTIFY (supposedly via TLS) to UAC ?<br>
Also the SUBSCRIBE request going from OpenSIPS to Asterisk will help alot.<br>
<br>
Regards, <br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 30.08.2015 18:22, Matt Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p><br>
</p>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
We use Opensips (with TLS) as a dispatcher to multiple Asterisk servers. Currently we are in the process of upgrading from 1.7.1 to 1.11.5, and we ran into a discrepancy between 1.7.1 and 1.11.5 regarding SIP NOTIFY messages.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
Here is the flow (both ways):</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
UAC (TLS) -> Opensips (UDP)-> Asterisk </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<span style="font-size:12pt">Asterisk </span><span style="font-size:12pt"> (UDP)</span><span style="font-size:12pt"> -> Opensips (</span><span style="font-size:12pt">TLS</span><span style="font-size:12pt">)-> UAC</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<span style="font-size:12pt"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
In 1.7.1, all messages between Opensips and UAC were encrypted - didn't matter if it was originated at UAC or Asterisk.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
In 1.11.5, the SIP NOTIFY messages coming from Asterisk are sent to UAC unencrypted (and not accepted by UAC). Here is the request that Opensips receives and sends to the UAC in plaintext:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="margin-top:0px; margin-bottom:0px"><font face="Calibri, Arial, Helvetica, sans-serif">Request-Line: NOTIFY
<a class="moz-txt-link-abbreviated" href="mailto:sip:101@1.2.3.4:5075;transport=tls;nat=yes">
sip:101@1.2.3.4:5075;transport=tls;nat=yes</a> SIP/2.0</font><br>
</div>
<div style="margin-top:0px; margin-bottom:0px"><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font face="Calibri, Arial, Helvetica, sans-serif">Anything we can do to have that leg encrypted as well?</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font face="Calibri, Arial, Helvetica, sans-serif">Thanks,</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font face="Calibri, Arial, Helvetica, sans-serif">Matt</font></div>
<div><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre>_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre>_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
</body>
</html>