[OpenSIPS-Users] why tls not enable

Bogdan-Andrei Iancu bogdan at opensips.org
Mon Jan 11 11:06:15 CET 2016 

Hi,

I do not contest the correctness of your cfg, but I'm simply asking if 
you are 100% sure that your opensips is using the correct opensips.cfg 
file ( be sure by explicitly pointing the file via "-f" startup option).

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 11.01.2016 03:46, chiu ching cheng wrote:
> ----------------------------------------------------
> openssips.cfg
>
> listen=tls:X.X.X.X:5061   # CUSTOMIZE ME
> rev_dns=no
>
> advertised_address="X.X.X.X"
> alias=X.X.X.X
>
>
> loadmodule "proto_udp.so"
>
>
> loadmodule "proto_tls.so"
> modparam("proto_tls","verify_cert", "0")
> modparam("proto_tls","require_cert", "0")
> modparam("proto_tls","tls_method", "TLSv1")
> modparam("proto_tls", "ciphers_list", "NULL")
> modparam("proto_tls","certificate", 
> "/usr/local/etc/opensips/tls/user/user-cert.pem")
> modparam("proto_tls","private_key", 
> "/usr/local/etc/opensips/tls/user/user-privkey.pem")
> modparam("proto_tls","ca_list", 
> "/usr/local/etc/opensips/tls/user/user-calist.pem")
>
>
> On Fri, Jan 8, 2016 at 11:39 PM, Bogdan-Andrei Iancu 
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>     Hi,
>
>     Are you sure your opensips is using the proper config file (where
>     the TLS interface is defined) ?
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 08.01.2016 12:06, chiu ching cheng wrote:
>>     Dear Bordan :
>>
>>     netstat -lnp | grep opensips
>>     udp        0      0 127.0.0.1:5060 <http://127.0.0.1:5060>      
>>        0.0.0.0:* 1365/opensips
>>
>>     you can find opensips is run , but just enable udp , not tls
>>
>>     On Wed, Jan 6, 2016 at 5:24 PM, Bogdan-Andrei Iancu
>>     <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>
>>         Try
>>
>>         "netstat -lnp | grep opensips"
>>
>>         Regards,
>>
>>         Bogdan-Andrei Iancu
>>         OpenSIPS Founder and Developer
>>         http://www.opensips-solutions.com
>>
>>         On 06.01.2016 04:26, chiu ching cheng wrote:
>>>         Dear Bogdan:
>>>
>>>         thanks your reply , but as following , the sip udp is enable
>>>         , opensips is enable ,and log no error . but tls not enable
>>>
>>>         I ever install another opensips server which is behind the
>>>         firewall and tls work fine , but this server is one
>>>         interface public ip , one interface private , I just config
>>>         one public ip . I don't know if this caused failure (
>>>         opensips at lease need two ip ?) .
>>>
>>>         thanks !
>>>
>>>         root at 125-227-130-1:~# netstat -tuln | grep 5061
>>>         tcp        0      0 0.0.0.0:25061 <http://0.0.0.0:25061>    
>>>               0.0.0.0:*     LISTEN
>>>         root at 125-227-130-1:~# netstat -tuln | grep 5060
>>>         tcp        0      0 0.0.0.0:25060 <http://0.0.0.0:25060>    
>>>               0.0.0.0:*     LISTEN
>>>         udp        0      0 127.0.0.1:5060 <http://127.0.0.1:5060>  
>>>                0.0.0.0:*
>>>         root at 125-227-130-1:~# ps auxw | grep opensips
>>>         root      1466  0.0  0.0  70052  4248 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1467  0.0  0.0  70056   892 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1468  0.4  0.0  70052   464 ?        S  10:12  
>>>         0:01 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1469  0.0  0.0  70052   464 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1470  0.0  0.0  70052   656 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1471  0.0  0.0  70052   656 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1472  0.0  0.0  70052   656 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1473  0.0  0.0  70052   896 ?        S  10:12  
>>>         0:00 /usr/local/sbin/opensips -P /var/run/opensips.pid
>>>         root      1731  0.0  0.0  11744   924 pts/0    R+ 10:18  
>>>         0:00 grep --color=auto opensips
>>>
>>>         On Tue, Jan 5, 2016 at 9:54 PM, Bogdan-Andrei Iancu
>>>         <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>>
>>>             Hi,
>>>
>>>             Are you sure opensips is actually started ? check logs
>>>             file for error or do "ps auxw | grep opensips"
>>>
>>>             Regards,
>>>
>>>             Bogdan-Andrei Iancu
>>>             OpenSIPS Founder and Developer
>>>             http://www.opensips-solutions.com
>>>
>>>             On 28.12.2015 11:19, chiu ching cheng wrote:
>>>>             Dear man :
>>>>
>>>>             I install opensips 2.1.1 . It's seems ok . But I find
>>>>             tls service not start . why ? It's strange . Any one
>>>>             can give a explain . Thanks .
>>>>
>>>>
>>>>
>>>>             lsb_release -a
>>>>             No LSB modules are available.
>>>>             Distributor ID:Ubuntu
>>>>             Description:Ubuntu 14.04.1 LTS
>>>>             Release:14.04
>>>>             Codename:trusty
>>>>             ------------------------------------------------------
>>>>             opensipsctl restart
>>>>
>>>>             INFO: Restarting OpenSIPS :
>>>>             INFO: stopped
>>>>
>>>>             INFO: Starting OpenSIPS :
>>>>             INFO: started (pid: 2706)
>>>>
>>>>             ----------------------------------------------------
>>>>             openssips.cfg
>>>>
>>>>             listen=tls:X.X.X.X:5061   # CUSTOMIZE ME
>>>>             rev_dns=no
>>>>
>>>>             advertised_address="X.X.X.X"
>>>>             alias=X.X.X.X
>>>>
>>>>
>>>>             loadmodule "proto_udp.so"
>>>>
>>>>
>>>>             loadmodule "proto_tls.so"
>>>>             modparam("proto_tls","verify_cert", "0")
>>>>             modparam("proto_tls","require_cert", "0")
>>>>             modparam("proto_tls","tls_method", "TLSv1")
>>>>             modparam("proto_tls", "ciphers_list", "NULL")
>>>>             modparam("proto_tls","certificate",
>>>>             "/usr/local/etc/opensips/tls/user/user-cert.pem")
>>>>             modparam("proto_tls","private_key",
>>>>             "/usr/local/etc/opensips/tls/user/user-privkey.pem")
>>>>             modparam("proto_tls","ca_list",
>>>>             "/usr/local/etc/opensips/tls/user/user-calist.pem")
>>>>
>>>>             ----------------------------------------------------------------------------------------------------
>>>>
>>>>             netstat -tuln | grep 5061
>>>>             tcp        0    0 0.0.0.0:25061 <http://0.0.0.0:25061>
>>>>             0.0.0.0:*       LISTEN
>>>>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             Users mailing list
>>>>             Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>>>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160111/1c42adef/attachment-0001.htm>

More information about the Users mailing list