search for: tlsclientmethod

...:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed! I tried both signed and self-signed cert to no avail. Here is my Configuration: Sip.conf tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/box1.pem tlscapath=/etc/asterisk/keys tlscipher=ALL tlsclientmethod=tlsv1 sip.conf ext. [5006] type=peer context=sipext call-limit=3 trustrpid=no callerid="Rec" <5006> disallow=all allow=ulaw allow=alaw username=5006 secret=9fcbb025200881850526bc57d59885c3 dtmfmode=rfc2833 host=dynamic mailbox=5006 nat=yes canreinvite=no transpo...

...so could you provide the details? I have this in Asterisk sip.conf (loaded through FreePBXs sip_general_additional.conf). tcpenable=yes tlsenable=yes tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt tlscafile=/etc/pki/tls/certs/ca-bundle.crt tlsdontverifyserver=yes tlscipher=ALL tlsclientmethod=tlsv1 And I have this for the test device context: [41712] deny=0.0.0.0/0.0.0.0 secret=NearlyANastyThat dtmfmode=rfc2833 canreinvite=no context=from-internal host=dynamic trustrpid=yes sendrpid=no type=friend nat=no port=5060 qualify=yes qualifyfreq=60 transport=tls,udp,tcp avpf=no force_avp=no i...

...ror:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection: FILE * open failed! I have in sip.conf : tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlsdontverifyserver=yes tlscipher=ALL ;tlsclientmethod=tlsv2 /etc/asterisk/keys : -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt -rw------- 1 root root 574 okt 26 14:24 asterisk.csr -rw------- 1 root root 887 okt 26 14:24 asterisk.key -rw------- 1 root root 2,1K okt 26 14:25 asterisk.pem -rw------- 1 root root 160 okt 26 14:24 ca.cfg -rw---...

...at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB> tlscipher=ALL > JBB> tlsclientmethod=tlsv1 > > You are missing the tls key. > > The config name is tlsprivatekey; set that to the filename of your tls > key, akin to how tlscertfile is set. > > -JimC Thank you. The settings in sip_general_additional.conf are now: tcpenable=yes tlsenable=yes tlscertfile=/etc/pki...

...[global] encryption = yes tlsenable = yes tlsbindaddr = 0.0.0.0 tlscertfile = /path/to/asterisk/certificate/and/key/in/a/single/file tlscafile = /path/to/CA/certificate tlscipher = ALL tlsclientmethod = tlsv1 [tls user] transport = tls Can someone give me any clues to what is happening? I've checked my packet flow with tcpdump and wireshark as well, but I'm still left mystified. Cheers

...JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: JBB> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is tlsprivatekey; set that to the filename of your tls key, akin to how tlscertfile is set. -JimC -- James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

...20") in new stack == Using SIP RTP CoS mark 5 -- Called 400 SSL certificate ok -- Nobody picked up in 20000 ms }}} My config files are : * sip.conf : {{{ tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client [400] type=peer secret=400 ;note that this is NOT a secure password host=dynamic context=local dtmfmode=rfc2833 disallow=all allow=g722,gsm transport=tls encryption=yes context=local [500] type=peer secret=500 ;note that this is NOT...

...n for my company and I'm testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server. On sip.conf file: tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 and on my extension number configuration: transport=tls Finally, my phone was registered successfully on my asterisk server. But, during my tests and while I switched on sip debug mode, I have seen that on Register I have TLS and on Subscribe I have UDP. Please check the debug output bellow...

...1]: tcptls.c:668 handle_tcptls_connection: FILE * open failed! Encryption is configured via ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=:: tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL srtpcapable=yes ;tlsclientmethod=tlsv1 tlsdontverifyserver=yes and the phone is sourced by context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=:: tcpenable=yes tcpbindaddr=:: srvlookup=yes and [IPV6](!,my-codecs) dtmfmode=rfc2833 context=sip-out type=friend host=dynamic transport=t...

...yes language=de callevents=yes qualify=yes faxdetect=yes t38pt_udptl=no disallow=all allow=ulaw allow=alaw ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 tlsdontverifyserver=yes ;--------------------------Default---------------- context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=0.0.0.0 tcpenable=yes tcpbindaddr=0.0.0.0 srvlookup=yes [my-codecs](!) ; a template for my preferred...

...******** config ********** my http.conf --------------------- tlsenable=yes tlsbindport=8089 tlsbindaddr=0.0.0.0 ;tlscertfile=/etc/asterisk/keys/asterisk.crt tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlsprivatekey=/etc/asterisk/keys/asterisk.key tlscipher=ALL tlsclientmethod=tlsv1 ;tlsverifyclient=no ;tlsdontverifyserver=yes -- Rgds astlov

...ted' sip.conf looks like this: [general] context=guest allowguest=no allowoverlap=no allowtransfer=no bindaddr=0.0.0.0:5060 udpbindaddr=0.0.0.0:5060 tcpenable=no tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 transport=udp preferred_codec_only=no disallow=all allow=ulaw language=en trustrpid=no dtmfmode=rfc2833 videosupport=no alwaysauthreject=yes directmedia=no jbenable = yes jbforce = no [encrypted] type=friend secret=1234 context=internal callerid="Encrypted" <1002> host=dyna...

...his advisory. 2) Users of Asterisk's chan_sip channel driver, AMI, and HTTP server may set the "tlsclientmethod" or "sslclientmethod" to "tlsv1" to force TLSv1 as the only allowed encryption method. Alternatively, they may also upgrade to the versions of Asterisk specified in this...

...his advisory. 2) Users of Asterisk's chan_sip channel driver, AMI, and HTTP server may set the "tlsclientmethod" or "sslclientmethod" to "tlsv1" to force TLSv1 as the only allowed encryption method. Alternatively, they may also upgrade to the versions of Asterisk specified in this...

...l] context = default udpbindaddr = 0.0.0.0 tcpenable = no tcpbindaddr = 0.0.0.0 allowguest = no allow = ulaw allow = alaw allow = gsm allow = g722 tlsenable = yes tlsbindaddr = 0.0.0.0 tlscertfile = / etc / asterisk / keys / asterisk.pem tlscafile = / etc / asterisk / keys / ca.crt tlscipher = ALL tlsclientmethod = TLSv1 [1001] context = default type = friend username = 1001 secret = 1000 dtmfmode = rfc2833 callerid = 1001 host = dynamic transport = tls [1002] context = default type = friend username = 1002 secret = 1002 dtmfmode = rfc2833 host = dynamic transport = tls extensions.conf: [general] stati...

...his in Asterisk sip.conf (loaded through FreePBXs > sip_general_additional.conf). > > tcpenable=yes > tlsenable=yes > tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > tlscafile=/etc/pki/tls/certs/ca-bundle.crt > tlsdontverifyserver=yes > tlscipher=ALL > tlsclientmethod=tlsv1 > > And I have this for the test device context: > > [41712] > deny=0.0.0.0/0.0.0.0 > secret=NearlyANastyThat > dtmfmode=rfc2833 > canreinvite=no > context=from-internal > host=dynamic > trustrpid=yes > sendrpid=no > type=friend > nat=no > port=506...

...WARNING[2992]: tcptls.c:684 > handle_tcptls_connection: FILE * open failed! > > I have in sip.conf : > > tlsenable=yes > tlsbindaddr=0.0.0.0 > > tlscertfile=/etc/asterisk/keys/asterisk.pem > tlsdontverifyserver=yes > tlscipher=ALL > ;tlsclientmethod=tlsv2 > > /etc/asterisk/keys : > > -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt > -rw------- 1 root root 574 okt 26 14:24 asterisk.csr > -rw------- 1 root root 887 okt 26 14:24 asterisk.key > -rw------- 1 root root 2,1K okt 26 14:25 asterisk.pem &...

...;s my relevant files. *;sip.conf:* [general] udpbindaddr=0.0.0.0:5060 realm=10.201.0.106 ;replace with your Asterisk server public IP address or host transport=udp,ws,wss tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 [6000] host=dynamic secret=mysecret context=default type=friend icesupport=yes directmedia=no disallow=all allow=ulaw qualify=yes [6001] host=dynamic secret=mysecret context=default type=friend encryption=yes avpf=yes force_avp=yes icesupport=yes directmedia=no disallow=all allow=ulaw dtlse...

hello, i'm facing strange problem asterisk13.5 + chan_sip wss transport + SIPML5 1.5.230 person1 to person3 are behind different NATs audio devices double checked call from person1(chrome) to person2(chrome) works call from person1(chrome) to person 3(chrome) - no audio on both side (RTP flowing only in one direction) call from person2(chrome) to person 3(chrome) - no audio on both side

Am 23.06.2020 16:22, schrieb Marek Greško: > It seems your problems lie in something other. Most probably it is not > mtu problem. All my suspections are contradicted. If it is true you > have inter vlan voice quality problems, it is definitely something > different. Formerly I assumed you were trying only LTE vs LAN using > internet. I'm not sure what you mean with the last