<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Francisco,<br>
<br>
OK, the CP and TLS part now working ok, you moved into a different
area, the MST one :P . have you checked
<a class="moz-txt-link-freetext" href="https://blog.opensips.org/2019/09/16/opensips-as-ms-teams-sbc/">https://blog.opensips.org/2019/09/16/opensips-as-ms-teams-sbc/</a> ?<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/17/22 7:55 PM, Francisco Neto
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:753ef653-2cc2-4a28-9777-4770a163e682@Spark">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<div name="messageBodySection">
<div dir="auto">About the parameter "TLSv1-“ is everything ok,
after the reload. No DB errors.<br>
<br>
I’ve found another difficulties, but with the changes below
open sips is running fine with tls_mgm on db now.<br>
<br>
First I have change the memory parameter and start open sips
with 256mb of memory and package memory<br>
<br>
Them the error has changed again, and I discover that on the
conf file I have informed the “CA Directory”, so I fill it on
the CP too and all errors have disappeared.<br>
<br>
Now my difficult is to correctly establishes the communication
with microsoft teams. I don’t know what I’m doing wrong but MS
are not identifying my SIP options….<br>
<br>
<br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><img
src="cid:part1.5F155C11.150C291D@opensips.org" class=""><br>
</div>
</div>
<div name="messageReplySection">Em 17 de ago. de 2022 13:17 -0300,
Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a>, escreveu:<br>
<blockquote type="cite" style="border-left-color: grey;
border-left-width: thin; border-left-style: solid; margin: 5px
5px;padding-left: 10px;">
<font face="monospace">You can add extra methods in the combo,
not a problem - the question is if opensips will understand
it when loading from DB - do you see any errors on reload ?<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/17/22 5:52 PM, Francisco
Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:fa46243a-bd93-4b24-8499-bbf8eec3d3e8@Spark">
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!!<br>
<br>
I’ve made the changes on the code as you requested. On
CP I could fill the match_sip_domain With * and update
the item, after that the errors on log file have changed
a lot now.<br>
Below are the errors that are appearing to me now<br>
<br>
By the way, directly on the config file the SSL Method
that works better for me was “TLSv1-“. This option
didn’t exist on tviewer.inc.php, but I have created this
option on the file. Does it have any problem to add a
new valid combo option??<br>
<br>
Thanks!<br>
<br>
ERROR:proto_tls:proto_tls_send: failed to send<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto
tls/3 failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip2.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com:5061</a>'
failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: SSL_ERROR_SYSCALL
err=Resource temporarily unavailable(11)<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: New TLS
connection to 52.114.76.76:5061 failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: TLS error: 5
(ret=-1) err=Resource temporarily unavailable(11)<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:proto_tls:tls_read_req: failed to do pre-tls
handshake!<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: New TLS
connection to 52.114.14.70:5061 failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: TLS error: 1
(ret=-1) err=Success(0)<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:tls_print_errstack: TLS errstack:
error:1416F086:SSL
routines:tls_process_server_certificate:certificate
verify failed</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><br>
</div>
</div>
<div name="messageReplySection">Em 17 de ago. de 2022 04:29
-0300, Bogdan-Andrei Iancu
<a class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org" moz-do-not-send="true"><bogdan@opensips.org></a>,
escreveu:<br>
<blockquote type="cite" style="border-left-color: grey;
border-left-width: thin; border-left-style: solid;
margin: 5px 5px;padding-left: 10px;">
<font face="monospace">Hi Francisco,<br>
<br>
Please check <a class="moz-txt-link-freetext"
href="https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c"
moz-do-not-send="true">
https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c</a>
- update again and give it a try by adding "*" for the
match_domain<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/16/22 11:32 PM,
Francisco Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:16c92b38-4306-411c-bf35-b62f88cd2975@Spark">
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!<br>
<br>
Actually I’ve tried with using sip domain as
blank, with * it didn’t let me press update on CP,
and with the client certificate (fqdn and domain
part only) and in all scenarios the error is the
same as described below:<br>
<br>
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7efe29a648a8<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061
for proto tls/3 failed<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip.pstnhub.microsoft.com:5061</a>'
failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7efe29b341a8<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for
proto tls/3 failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip2.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com:5061</a>'
failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7efe29a17ec8<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.14.70:5061 for
proto tls/3 failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip3.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com:5061</a>'
failed<br>
<br>
Below is my actual config section about TLS<br>
<br>
loadmodule "proto_tls.so"<br>
modparam("proto_tls","tls_max_msg_chunks", 8)<br>
modparam("proto_tls","tls_handshake_timeout", 600)<br>
modparam("proto_tls", "tls_send_timeout", 2000)<br>
<br>
<br>
loadmodule "tls_openssl.so"<br>
loadmodule "tls_mgm.so"<br>
modparam("tls_mgm",
"db_url","mysql://opensips:XXXXXXXXXX@localhost/opensips")<br>
modparam("tls_mgm", "db_table", "tls_mgm")<br>
modparam("tls_mgm", "client_sip_domain_avp",
"tls_sip_dom")<br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><br>
</div>
</div>
<div name="messageReplySection">Em 11 de ago. de 2022
12:59 -0300, Bogdan-Andrei Iancu
<a class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org"
moz-do-not-send="true">
<bogdan@opensips.org></a>, escreveu:<br>
<blockquote type="cite" style="border-left-color:
grey; border-left-width: thin; border-left-style:
solid; margin: 5px 5px;padding-left: 10px;">
<font face="monospace">Hi Francisco,<br>
<br>
So, if you use wildcard for</font> <font
face="monospace">match_sip_domain in the client
TLS domain, doesn't work for you ?<br>
<br>
Regards.<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/10/22 5:03 PM,
Francisco Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d8ec8b2d-9ffb-4741-a3b4-63ff4f662376@Spark">
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!<br>
<br>
I’ve made the changes and now I can edit the
TLS certificates normally by control panel
but I continue having a problem.<br>
<br>
If I configure the certificate directly on
the configuration file the connection with
Microsoft Teams is correctly established, if
I configure through control panel, I receive
on log the following messages:<br>
<br>
ERROR:proto_tls:proto_tls_conn_init: no TLS
client domain found<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do
proto 3 specific init for conn
0x7f22a5f993d0<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect
failed<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to
52.114.132.46:5061 for proto tls/3 failed<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]: ERROR:tm:t_uac:
attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip.pstnhub.microsoft.com"
moz-do-not-send="true">sip:sip.pstnhub.microsoft.com</a>'
failed<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS
client domain found<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do
proto 3 specific init for conn
0x7f22a5f91420<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect
failed<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to
52.114.76.76:5061 for proto tls/3 failed<br>
Aug 10 11:00:04 bowser
/usr/sbin/opensips[55047]: ERROR:tm:t_uac:
attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip2.pstnhub.microsoft.com"
moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com</a>'
failed<br>
Aug 10 11:00:05 bowser
/usr/sbin/opensips[55047]:
ERROR:core:tcp_connect_blocking_timeout:
connect timed out, 599667 us elapsed out of
600000 us<br>
Aug 10 11:00:05 bowser
/usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect_fd:
tcp_blocking_connect failed<br>
Aug 10 11:00:05 bowser
/usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect
failed<br>
Aug 10 11:00:05 bowser
/usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to
52.114.32.169:5061 for proto tls/3 failed<br>
Aug 10 11:00:05 bowser
/usr/sbin/opensips[55047]: ERROR:tm:t_uac:
attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip3.pstnhub.microsoft.com"
moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com</a>'
failed<br>
Aug 10 11:00:09 bowser
/usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS
client domain found<br>
<br>
I will send attached the screenshot of the
control panel and below the configuration
that works.<br>
<br>
If it isn’t related to the same problem tell
me and I send the message to the open list
ok!<br>
<br>
Thanks!<br>
<br>
# TLS CLIENT<br>
#modparam("tls_mgm", "client_domain",
"sbcsothis")<br>
#modparam("tls_mgm", "match_sip_domain",
"[sbcsothis]*")<br>
#modparam("tls_mgm", "match_ip_address",
"[sbcsothis]*")<br>
#modparam("tls_mgm", "verify_cert",
"[sbcsothis]1")<br>
#modparam("tls_mgm", "require_cert",
"[sbcsothis]1")<br>
#modparam("tls_mgm", "tls_method",
"[sbcsothis]TLSv1-")<br>
#modparam("tls_mgm", "certificate",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")<br>
#modparam("tls_mgm", "private_key",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")<br>
#modparam("tls_mgm", "ca_list",
"[sbcsothis]/etc/ssl/certs/ca-certificates.crt")<br>
#modparam("tls_mgm", "ca_dir",
"[sbcsothis]/etc/ssl/certs/")Config file<br>
<br>
</div>
</div>
<div name="messageSignatureSection"><br>
</div>
</blockquote>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>