<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Jehanzaib,<br>
<br>
The sequence for the MST TLS domains is wrong.<br>
<br>
For each TLS domain block, you need to start only with a </font><font
face="monospace">server_domain or client_domain - of course,
different names. And for each domain you need to set the matching
conditions. See
<a class="moz-txt-link-freetext" href="https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param">https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param</a><br>
<br>
Basically something like:<br>
</font><br>
<font face="monospace">modparam("tls_mgm", "server_domain",
"formsteams_server")<br>
modparam("tls_mgm", "match_ip_address", "</font><font
face="monospace"><font face="monospace"><font face="monospace">[formsteams_server]</font></font>....")<br>
modparam("tls_mgm", "match_sip_domain", "</font><font
face="monospace"><font face="monospace"><font face="monospace">[formsteams_server]....</font></font>")<font
face="monospace"><br>
modparam("tls_mgm", "certificate", "[formsteams_server].....")<br>
....<br>
</font><br>
<br>
modparam("tls_mgm", "client_domain", </font><font
face="monospace"><font face="monospace"><font face="monospace">"formsteams_client"</font></font>)<br>
</font><font face="monospace"><font face="monospace">modparam("tls_mgm",
"match_ip_address", "</font><font face="monospace"><font
face="monospace"><font face="monospace">[formsteams_client]</font></font>....")<br>
modparam("tls_mgm", "match_sip_domain", "</font><font
face="monospace"><font face="monospace"><font face="monospace">[formsteams_client]....</font></font>")<br>
</font>modparam("tls_mgm", "certificate",
"[formsteams_client].....")<br>
....<br>
<br>
<br>
Best regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS eBootcamp 23rd May - 3rd June 2022
<a class="moz-txt-link-freetext" href="https://opensips.org/training/OpenSIPS_eBootcamp_2022/">https://opensips.org/training/OpenSIPS_eBootcamp_2022/</a></pre>
<div class="moz-cite-prefix">On 5/18/22 2:38 AM, Jehanzaib Younis
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAKrJzCz96JhfaR23jqgeb_=LhM==x-AKnjs1V9jP5Aheu+L98A@mail.gmail.com">
<div dir="ltr">Hi Bogdan,
<div>That's the problem: when I try to add the client_domain I
get an error. Actually, I have a working config for WebRTC but
now I am adding a new domain for MS Teams direct route. In
fact, any other domain gives an error. If I disable the MS Teams
domain, OpenSIPS does not give an error message and my
WebRTC client can connect without any issue. </div>
<div><br>
</div>
<div>loadmodule "tls_mgm.so"<br>
modparam("tls_mgm", "tls_library", "wolfssl")<br>
<br>
#### (WebRTC) Client<br>
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")<br>
modparam("tls_mgm", "certificate",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")<br>
modparam("tls_mgm", "private_key",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")<br>
modparam("tls_mgm", "ca_list",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")<br>
modparam("tls_mgm", "ca_dir",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")<br>
modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")<br>
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")<br>
modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")<br>
<br>
### This is for MS-Teams direct route <br>
modparam("tls_mgm", "server_domain", "dom1.formsteams.com")<br>
modparam("tls_mgm", "client_domain", "dom1.formsteams.com")<br>
modparam("tls_mgm", "certificate",
"[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")<br>
modparam("tls_mgm", "private_key",
"[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")<br>
modparam("tls_mgm", "ca_list",
"[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")<br>
modparam("tls_mgm", "ca_dir",
"[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com")<br>
modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")<br>
modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")<br>
modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")<br>
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")</div>
<div><br>
</div>
<div>When I enable the MS-Teams direct route domain I get the
below error:</div>
<div>no certificate for tls domain '
<a href="http://dom1.formsteams.com" moz-do-not-send="true">dom1.formsteams.com</a> '
defined<br>
</div>
<div><br>
</div>
<div><br>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div>Regards,</div>
<div>Jehanzaib</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, May 18, 2022 at 3:04
AM Bogdan-Andrei Iancu &lt;<a
href="mailto:bogdan@opensips.org" moz-do-not-send="true">bogdan@opensips.org</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> <font face="monospace">Hi Jehanzaib,<br>
<br>
What are the TLS client domains you have defined in your
tls_mgm module ?<br>
<br>
Regards,<br>
</font>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="https://www.opensips-solutions.com" target="_blank" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS eBootcamp 23rd May - 3rd June 2022
<a href="https://opensips.org/training/OpenSIPS_eBootcamp_2022/" target="_blank" moz-do-not-send="true">https://opensips.org/training/OpenSIPS_eBootcamp_2022/</a></pre>
<div>On 5/17/22 4:32 PM, Jehanzaib Younis wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I am having trouble sending/receiving OPTIONS to MS
Teams. </div>
<div>Using the dispatcher module. The socket is defined
as tls:<b>mysbcip</b>:5061</div>
<div>Looks like when my OpenSIPS (3.2.x) tries to send
OPTIONS, it is giving me the following error: </div>
<div><b><br>
</b></div>
<div>ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found</div>
<div>ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7f00ef2a85a0<br>
</div>
<div>ERROR:core:tcp_async_connect: tcp_conn_create
failed<br>
</div>
<div>ERROR:proto_tls:proto_tls_send: async TCP connect
failed<br>
</div>
<div>ERROR:tm:msg_send: send() to <a
href="http://52.114.76.76:5061" target="_blank"
moz-do-not-send="true">52.114.76.76:5061</a> for
proto tls/3 failed<br>
</div>
<div>ERROR:tm:t_uac: attempt to send to '<a
moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com:5061;transport:tls</a>'
failed<br>
</div>
<div><br>
</div>
<div>I am setting the Contact as <a
moz-do-not-send="true">&lt;sip:mytlsdomain:5061;transport=tls&gt;</a></div>
<div><br>
</div>
<div>Looks like the client domain is used for outgoing
TLS connections, but I have no idea which domain I need to add
here. The socket is my OpenSIPS IP address.</div>
<div><br>
</div>
<div>Has anyone seen a similar kind of behaviour?</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br clear="all">
<div>
<div dir="ltr">
<div>Regards,</div>
<div>Jehanzaib</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
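<p>An added example, not part of the original thread and not OpenSIPS code: a small pre-flight check for the layout described in the reply at the top, flagging a name shared by a server_domain and a client_domain, a per-domain parameter that appears before its domain is declared, and a domain with no matching condition or certificate. The function name, the finding texts and the sample match values are assumptions made for illustration.</p>

```python
import re
from collections import defaultdict

# One tls_mgm modparam line: module name, parameter name, quoted value.
MODPARAM = re.compile(r'modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
SCOPED = re.compile(r'^\[([^\]]+)\]')          # value of the form "[domain_name]..."
MATCHERS = {"match_ip_address", "match_sip_domain"}

def lint_tls_domains(cfg_text):
    """Return sorted findings for the tls_mgm domain blocks in cfg_text."""
    declared = defaultdict(set)   # name -> {"server_domain", "client_domain"}
    params = defaultdict(set)     # name -> per-domain parameters seen
    findings = set()
    for line in cfg_text.splitlines():
        m = None if line.lstrip().startswith("#") else MODPARAM.search(line)
        if not m:
            continue
        param, value = m.groups()
        if param in ("server_domain", "client_domain"):
            declared[value].add(param)
            continue
        scoped = SCOPED.match(value)
        if not scoped:
            continue              # global parameter, e.g. tls_library
        name = scoped.group(1)
        if name not in declared:
            findings.add(f"{name}: {param} appears before the domain is declared")
        params[name].add(param)
    for name, kinds in declared.items():
        if len(kinds) == 2:
            findings.add(f"{name}: same name used for server_domain and client_domain")
        if not params[name] & MATCHERS:
            findings.add(f"{name}: no match_ip_address or match_sip_domain set")
        if "certificate" not in params[name]:
            findings.add(f"{name}: no certificate set")
    return sorted(findings)

# Constructed sample inputs: BROKEN abridges the config quoted in the thread,
# FIXED follows the layout from the reply with placeholder match values.
CERT = "/etc/letsencrypt/live/dom1.formsteams.com/cert.pem"
BROKEN = f'''
modparam("tls_mgm", "server_domain", "dom1.formsteams.com")
modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
modparam("tls_mgm", "certificate", "[dom1.formsteams.com]{CERT}")
'''
FIXED = "".join(f'''
modparam("tls_mgm", "{kind}_domain", "formsteams_{kind}")
modparam("tls_mgm", "match_ip_address", "[formsteams_{kind}]*")
modparam("tls_mgm", "match_sip_domain", "[formsteams_{kind}]dom1.formsteams.com")
modparam("tls_mgm", "certificate", "[formsteams_{kind}]{CERT}")
''' for kind in ("server", "client"))

if __name__ == "__main__":
    for label, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, lint_tls_domains(cfg) or "ok")
```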
</body>
</html>