search for: ca_list_file

Thanks, Michael. A few questions: Is [transport_name] a reserved word, or am I supposed to replace it with a name of my own, like '[did-transport]'? Some of the keywords I haven't seen before. Is ca_list_file supposed to be an aggregate of the public and private key? And what are the 'method,' 'tos' and 'cos' keywords, which are commented out in your instructions? Otherwise, the rest is quite clear. On 4/8/2023 12:35 PM, Michael Maier wrote: > Hello Steve, > > use...

...client_hello-no shared cipher> len: 0 peer: 10.10.20.29:43357 Something with the encryption must have changed with asterisk. How can I get the device to register again? [transport-tls] type = transport protocol = tls bind = 0.0.0.0:5061 tos = cs5 cert_file = /etc/asterisk/cert/asterisk.pem ca_list_file = /etc/pki/tls/certs/ca-bundle.crt method = sslv23 'method = tlsv1' doesn't work, either.

Hey guys,tried to make tls work with pjsip on asterisk 13.2.0 have compiled pjsip with ssl, added transport [tls] type=transport cert_file=/pbx/keys/server.crt ca_list_file=/pbx/keys/ca.key priv_key_file=/pbx/keys/server.key protocol=tls bind=192.168.1.4:5061 local_net=192.168.1.0/24 external_media_address=77.77.77.77 external_signaling_address=77.77.77.77 have configured Grandstream GXP1400 to use tis and srtp, server.crt and server.key uploaded to phone ubuntu*CL...

Hello Steve, use the following configuration for the transport and bind this transport to the trunk: [transport_name] type=transport protocol=tls bind=192.168.13.24 ; your bind IP ca_list_file=/etc/pki/tls/certs/ca-bundle.crt ; method=tlsv1_2 verify_server=yes allow_reload=no ;tos=0xb8 ;cos=3 external_media_address=your.ext.host.name ; hostname pointing to your ext. IP external_signaling_address=your.ext.host.name ; hostname pointing to your ext. IP local_net=192.168.0.0/24 # your loca...

...d_auth/username = ... outbound_auth/password = ... endpoint/allow = !all,g722,alaw,ulaw endpoint/context = ingressEasybell endpoint/media_encryption = sdes registration/contact_user = extenHW In pjsip.conf is only the transport: [transport-tls] type=transport protocol=tls bind=192.168.3.50:5061 ca_list_file=/etc/pki/tls/certs/ca-bundle.crt cert_file=/etc/asterisk/cert/newc/mycert.pem priv_key_file=/etc/asterisk/cert/newc/mykey.pem After I finally found out that 'pjsip send register *all' should re-register, I tried it while it was still registered, and it said "Re-register all queue&qu...

...Current pjsip.conf file [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 local_net=10.50.55.0/24 external_media_address=<scrubbed public ip> external_signaling_address=<scrubbed public ip> cert_file=/etc/asterisk/keys/dev1.crt priv_key_file=/etc/asterisk/keys/dev1.key ca_list_file=/etc/asterisk/keys/ca.crt cipher=AES256-SHA method=tlsv1 ;===============EXTENSION 6001 [6000] type=endpoint context=internal disallow=all allow=ulaw auth=auth6000 aors=6000 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_r...

On 7/6/19 10:40 AM, Michael Maier wrote: > On 05.07.19 at 22:02 hw wrote: >> >> openssl verify -CAfile ca.pem asterisk.pem >> asterisk.pem: OK >> >> >> When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers >> to the SIP provider and there is no error message).  Otherwise I'm >> getting the error message and asterisk does not

...CM_128_HMAC_SHA1_80 inline:Ojz7o69EOsPsdsRTgNO/wtRWPsrWc2NSnOidNcqh a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:20 a=maxptime:150 a=sendrecv both phones SPA502, force_rport disabled for tls phone, here is my transports: [tls] type=transport ca_list_file=/pbx/keys/asterisk.pem cert_file=/pbx/keys/asterisk.crt priv_key_file=/pbx/keys/asterisk.key method=sslv23 protocol=tls bind=192.168.1.4:5061 external_media_address=8.8.8.8:5061 external_signaling_address=8.8.8.8:5061 [udp] type=transport protocol=udp bind=192.168.1.4 local_net=192.168.1.0/24 exte...

On 1/21/2020 9:18 PM, hw wrote: > [transport-tls] > type = transport > protocol = tls > bind = 0.0.0.0:5061 > tos = cs5 > cert_file = /etc/asterisk/cert/asterisk.pem > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > method = sslv23 This is what mine looks like which works just fine: [transport-tls] type          = transport protocol      = tls method        = tlsv1_2 cipher        = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA25...

I want to configure communication with my phone provider using TLS for all the obvious reasons. Since I'm behind a firewall, I'll be needing to do it with NAT. There are examples of UDP plus NAT in pjsip.conf, but none for TLS plus NAT. Would it be correct to set up the TLS transport stanza to look like the [transport-udp-nat] stanza example, replacing UDP with TLS in lines like

Hi, how do I make a bug report? I filled in the form to make a report and https://issues.asterisk.org/jira/issues/?filter=-2 still shows no issues reported by me. If someone knows how to get asterisk to re-register when using pjsip after the registration shows as Rejected, like after the internet connection to the VOIP provider goes away (and comes back), please let me know. This bug makes

On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote: > On 1/21/2020 9:18 PM, hw wrote: > > [transport-tls] > > type = transport > > protocol = tls > > bind = 0.0.0.0:5061 > > tos = cs5 > > cert_file = /etc/asterisk/cert/asterisk.pem > > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > > method = sslv23 > > This is what mine looks like which works just fine: > > [transport-tls] > type = transport > protocol = tls > method = tlsv1_2 > cipher = > ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-R...

...============================================== Transport: transport-tls tls 0 0 0.0.0.0:5061 ParameterName : ParameterValue ====================================================== async_operations : 1 bind : 0.0.0.0:5061 ca_list_file : cert_file : /etc/asterisk/sslcert.pem cipher : cos : 0 domain : external_media_address : external_signaling_address : external_signaling_port : 0 local_net : met...