<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="Calibri Light">Hello<br>
<br>
I have used letsenrypt for generating certs for Opensips.<br>
<br>
Regarding configuration i have fallowed your configuration steps
on OpenSips blog.<br>
<br>
socket=udp:xxx.xxx.xxx.xxx:5060 # CUSTOMIZE ME<br>
socket=tls:xxx.xxx.xxx.xxx:5061<br>
<br>
<br>
<br>
<br>
### Proto TLS<br>
loadmodule "proto_tls.so"<br>
modparam("proto_tls", "tls_handshake_timeout", 300)<br>
#### TLS module<br>
loadmodule "tls_mgm.so"<br>
#modparam("tls_mgm", "db_url",
"mysql://root:xxxx@localhost/opensips")<br>
modparam("tls_mgm", "client_sip_domain_avp", "</font><font
face="Calibri Light"><font face="Calibri Light">mtsbcs.test.com</font>")<br>
modparam("tls_mgm", "server_domain", "mt")<br>
#modparam("tls_mgm", "match_ip_address",
"[mt]xxx.xxx.xxx.xxx:5061")<br>
#modparam("tls_mgm", "match_sip_domain", "[mt]</font><font
face="Calibri Light"><font face="Calibri Light">mtsbcs.test.com</font>")<br>
modparam("tls_mgm", "certificate", "[mt]/etc/letsencrypt/live/</font><font
face="Calibri Light"><font face="Calibri Light">mtsbcs.test.com</font>/cert.pem")<br>
modparam("tls_mgm", "private_key", "[mt]/etc/letsencrypt/live/</font><font
face="Calibri Light"><font face="Calibri Light">mtsbcs.test.com</font>/privkey.pem")<br>
modparam("tls_mgm", "ca_list",
"[mt]/etc/ssl/certs/ca-certificates.crt")<br>
modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")<br>
modparam("tls_mgm","verify_cert", "[mt]1")<br>
modparam("tls_mgm","require_cert", "[mt]1")<br>
modparam("tls_mgm","tls_method", "[mt]TLSv1_2")<br>
modparam("proto_tls", "tls_max_msg_chunks", 8)<br>
#modparam("tls_mgm", "tls_handshake_timeout", 300)<br>
<br>
if(is_method("OPTIONS") && is_domain_local("$rd")
&& check_source_address(0)) {<br>
xlog("L_INFO", "[MS TEAMS] OPTIONS In");<br>
send_reply(200, "OK");<br>
exit;<br>
}<br>
<br>
<br>
local_route {<br>
$var(dst) = "pstnhub.microsoft.com";<br>
xlog("L_INFO","promding TEST");<br>
xlog("TESTING");<br>
if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)})
!= NULL))<br>
append_hf("Contact: <sip:</font><font face="Calibri Light"><font
face="Calibri Light"><font face="Calibri Light">mtsbcs.test.com</font></font>:5061;transport=tls>\r\n");<br>
xlog("L_INFO", "SEDING OPTIONS TO SBC");<br>
}<br>
<br>
<br>
I thnk that the main issue is that OPENSIPS does not send
encrypted OPTION to MS teams.<br>
<br>
Logs:<br>
<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac:
next_hop=<a class="moz-txt-link-rfc2396E" href="sip:sip.pstnhub.microsoft.com"><sip:sip.pstnhub.microsoft.com></a><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS
lookup...<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no
port, has proto -> do SRV lookup!<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup:
resolving [sip.pstnhub.microsoft.com]<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup:
SRV(_sips._tcp.sip.pstnhub.microsoft.com) =
sip.pstnhub.microsoft.com:5061<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
sip2.pstnhub.microsoft.com:5061<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
sip3.pstnhub.microsoft.com:5061<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket
is 212.13.249.132 <br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri:
<a class="moz-txt-link-freetext" href="sip:sip.pstnhub.microsoft.com">sip:sip.pstnhub.microsoft.com</a><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route:
building sip_msg from buffer<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP
Request:<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg:
method: <OPTIONS><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg:
uri: <a class="moz-txt-link-rfc2396E" href="sip:sip.pstnhub.microsoft.com"><sip:sip.pstnhub.microsoft.com></a><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg:
version: <SIP/2.0><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=ffffffffffffffff<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param:
found param type 232, <branch> =
<z9hG4bK8d8a.3706b135.0>; state=16<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of
header reached, state=5<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via
found, flags=ffffffffffffffff<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this
is the first via<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of
header reached, state=9<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to:
display={}, ruri={<a class="moz-txt-link-freetext" href="sip:sip.pstnhub.microsoft.com">sip:sip.pstnhub.microsoft.com</a>}<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field:
<To> [31]; uri=[<a class="moz-txt-link-freetext" href="sip:sip.pstnhub.microsoft.com">sip:sip.pstnhub.microsoft.com</a>] <br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to
body [<a class="moz-txt-link-freetext" href="sip:sip.pstnhub.microsoft.com#015#012">sip:sip.pstnhub.microsoft.com#015#012</a>]<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq
<CSeq>: <14> <OPTIONS><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field:
content_length=0<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field:
found end of header<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=ffffffffffffffff<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=78<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=ffffffffffffffff<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route:
Change in local route -> rebuilding buffer<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=2000<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=ffffffffffffffff<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs:
flags = 15<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs:
hdr 2 extracted as <To:
<a class="moz-txt-link-freetext" href="sip:sip.pstnhub.microsoft.com#015#012">sip:sip.pstnhub.microsoft.com#015#012</a>><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs:
hdr 1 extracted as <From:
<a class="moz-txt-link-rfc2396E" href="sip:prober@localhost"><sip:prober@localhost></a>;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012><br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs:
hdr 8 extracted as <Call-ID:
<a class="moz-txt-link-abbreviated" href="mailto:12e30be047c27077-1020@212.13.249.132#015#012">12e30be047c27077-1020@212.13.249.132#015#012</a>><br>
May 10 08:53:10 mtsbc opensips[1020]:
DBG:proto_tls:proto_tls_send: no open tcp connection found,
opening new one<br>
May 10 08:53:10 mtsbc opensips[1020]:
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384<br>
May 10 08:53:10 mtsbc opensips[1020]:
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb<br>
May 10 08:53:10 mtsbc opensips[1020]:
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 52.114.75.24<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on
port 5061, proto 3<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
Creating a whole new ssl connection<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
destroying connection 0x7f45d7e08078, flags 0018<br>
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe:
[0]: 0x7f45d7e066b0 (1625)<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer
routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:tm:final_response_handler: Cancel sent out, sending 408
(0x7f45d7e06460)<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:tm:t_should_relay_response: T_code=0, new_code=408<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked
branch 0, code 408 (prio=800)<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure:
dns-failover test: branch=0, last_recv=408, flags=0<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:tm:t_should_relay_response: trying DNS-based failover<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new
destination available<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=2000<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv
proto=3<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers:
flags=ffffffffffffffff<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:proto_tls:proto_tls_send: no open tcp connection found,
opening new one<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 52.114.132.46<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on
port 5061, proto 3<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
Creating a whole new ssl connection<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
destroying connection 0x7f45d7e08078, flags 0018<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:proto_tls:proto_tls_send: no open tcp connection found,
opening new one<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 52.114.14.70<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on
port 5061, proto 3<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
Creating a whole new ssl connection<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
destroying connection 0x7f45d7e08078, flags 0018<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply:
branch=0, save=0, winner=0<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local
transaction completed<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks:
trans=0x7f45d7e06460, callback type 256, id 0 entered<br>
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe:
[2]: 0x7f45d7e064e0 (1630)<br>
May 10 08:53:15 mtsbc opensips[1020]:
DBG:tm:final_response_handler: done<br>
<br>
<br>
<br>
Thank you<br>
miha<br>
<br>
</font>
</body>
</html>