Hi list,

I'm doing some tests with asterisk 13.4 and tls, and failed to make it work, all my terminals spa Cisco 5XX

look my cli

[Jul 8 11:09:16] ERROR[14733]: pjsip:0 <?>: tlsc0x7f539801 TLS connect() error: Connection refused [code=120111]
[Jul 8 11:09:16] WARNING[14733]: pjsip:0 <?>: tsx0x7f53a8008 Failed to send Request msg OPTIONS/cseq=48024 (tdta0x7f53c000dcb0)! err=120111 (Connection refused)
[Jul 8 11:09:46] ERROR[14733]: pjsip:0 <?>: tlsc0x7f539801 TLS connect() error: Connection refused [code=120111]
[Jul 8 11:09:46] WARNING[14733]: pjsip:0 <?>: tsx0x7f53a8008 Failed to send Request msg OPTIONS/cseq=31917 (tdta0x7f53c000dcb0)! err=120111 (Connection refused)

someone has had good results with tls

my config

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1

[XXXX]
type=endpoint
context=XX-Xip
disallow=all
allow=ulaw
allow=alaw
transport=transport-tls
direct_media=no
force_rport=yes
rtp_symmetric=yes
mailboxes=XXXX@default
auth=XXXX
aors=XXXX
media_encryption=sdes
dtmfmode=rfc4733

regards

--
rickygm
http://gnuforever.homelinux.com
Asterisk13 can do native tls with each phone? Nice.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of ricky gutierrez
Sent: Wednesday, July 08, 2015 3:06 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] tls on asterisk 13
ricky gutierrez wrote:
> Hi list, I'm doing some tests with asterisk 13.4 and tls, and failed
> to make it work, all my terminals spa Cisco 5XX
>
> look my cli
>
> [Jul 8 11:09:16] ERROR[14733]: pjsip:0<?>: tlsc0x7f539801 TLS
> connect() error: Connection refused [code=120111]
> [Jul 8 11:09:16] WARNING[14733]: pjsip:0<?>: tsx0x7f53a8008 Failed
> to send Request msg OPTIONS/cseq=48024 (tdta0x7f53c000dcb0)!
> err=120111 (Connection refused)
> [Jul 8 11:09:46] ERROR[14733]: pjsip:0<?>: tlsc0x7f539801 TLS
> connect() error: Connection refused [code=120111]
> [Jul 8 11:09:46] WARNING[14733]: pjsip:0<?>: tsx0x7f53a8008 Failed
> to send Request msg OPTIONS/cseq=31917 (tdta0x7f53c000dcb0)!
> err=120111 (Connection refused)
>
> someone has had good results with tls
>
> my config
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0:5061
> cert_file=/etc/asterisk/keys/asterisk.crt
> priv_key_file=/etc/asterisk/keys/asterisk.key
> method=tlsv1
>
> [XXXX]
> type=endpoint
> context=XX-Xip
> disallow=all
> allow=ulaw
> allow=alaw
> transport=transport-tls
> direct_media=no
> force_rport=yes
> rtp_symmetric=yes
> mailboxes=XXXX@default
> auth=XXXX
> aors=XXXX
> media_encryption=sdes
> dtmfmode=rfc4733

You probably want to add "rewrite_contact=yes" to your endpoint. This will cause it to reuse the existing connection established from the phone. Generally the port provided by the phone is not reachable.

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
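The check suggested in the reply above, written as an added example that is not part of the thread and not Asterisk code: a small Python linter that reads a pjsip.conf and reports endpoints bound to a TLS transport without rewrite_contact=yes, plus transports set to method=tlsv1. The sample config and the section names phone1 and phone2 are constructed; templates and endpoints with no explicit transport= are not handled.

```python
from collections import defaultdict

TRUE = {"yes", "true", "y", "t", "1", "on"}  # values Asterisk reads as true
SAMPLE_CONF = """\
; constructed sample modelled on the config posted in this thread
[transport-tls]
type=transport
protocol=tls
method=tlsv1
[phone1]
type=endpoint
transport=transport-tls
[phone2]
type=endpoint
transport=transport-tls
rewrite_contact=yes
"""

def parse_sections(text):
    """Return [(name, {key: [values]})]; section names and keys may both repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if line.startswith("[") and "]" in line:
            sections.append((line[1:line.index("]")], defaultdict(list)))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()].append(value.lstrip(">").strip())
    return sections

def last(opts, key):
    return opts[key][-1] if key in opts else ""      # last value wins, '' if absent

def lint(text):
    """Flag TLS 1.0-only transports and TLS endpoints lacking rewrite_contact=yes."""
    sections = parse_sections(text)
    tls = {n for n, o in sections
           if last(o, "type") == "transport" and last(o, "protocol").lower() == "tls"}
    findings = []
    for name, o in sections:
        if name in tls and last(o, "method").lower() == "tlsv1":
            findings.append((name, "method=tlsv1 limits the transport to TLS 1.0"))
        if (last(o, "type") == "endpoint" and last(o, "transport") in tls
                and last(o, "rewrite_contact").lower() not in TRUE):
            findings.append((name, "TLS endpoint without rewrite_contact=yes"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```

TLS 1.0 is formally deprecated by RFC 8996, so the method finding is worth reviewing against what the phones can negotiate.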
2015-07-08 13:09 GMT-06:00 Ryan, Travis <RyanT at oscarwinski.com>:
> Asterisk13 can do native tls with each phone? Nice.

Any example?

rickygm
http://gnuforever.homelinux.com
2015-07-08 13:11 GMT-06:00 Joshua Colp <jcolp at digium.com>:
> You probably want to add "rewrite_contact=yes" to your endpoint. This will
> cause it to reuse the existing connection established from the phone.
> Generally the port provided by the phone is not reachable.

Hi Joshua,

I added the option you recommended but still cannot connect. The strange thing is that I get another message, always using TLS transport:

[Jul 8 14:28:45] NOTICE[2498]: res_pjsip/pjsip_distributor.c:256 log_unidentified_request: Request from '"X00X" <sip:X00X@172.16.8.55>' failed for '172.16.8.179:5065' (callid: 5ece51c0-9ed5173a@172.16.8.179) - No matching endpoint found

<--- Transmitting SIP response (479 bytes) to TLS:172.16.8.179:5065 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 172.16.8.179:5065;rport=5065;received=172.16.8.179;branch=z9hG4bK-27b9198a
Call-ID: 5ece51c0-9ed5173a@172.16.8.179
From: "X00X" <sip:X00X@172.16.8.55>;tag=ff2e31b0cc3d380ao3
To: <sip:172.16.8.55>;tag=z9hG4bK-27b9198a
CSeq: 54 NOTIFY
WWW-Authenticate: Digest realm="asterisk",nonce="1436387325/20cc7b903ffd92277b22c633e27854de",opaque="5b36911758ac6b0e",algorithm=md5,qop="auth"
Server: Asterisk PBX 13.4.0
Content-Length: 0

regards
On Wed, 2015-07-08 at 15:09 -0400, Ryan, Travis wrote:
> Asterisk13 can do native tls with each phone? Nice.

Some soft phones support TLS, but does anybody know a soft phone that supports pkcs11? (keys & certs stored on a smart-card)

Hans
I did using acrobits groundwire on asterisk 13.7.2. Had to add a statement in pjsip.endpointxxx. I do not have it in mind but can look it up for you tomorrow.

Sent from my iPhone

> On Jul 8, 2015, at 9:05 PM, ricky gutierrez <xserverlinux at gmail.com> wrote: