[OpenSER-Users] UA Cant Connect To TLS

Ali Jawad ali.jawad at splendor.net
Tue Mar 25 13:20:28 CET 2008


Hi Bodgan 
Thank you for your help

I had the following "now commented" statement in route[1]

route[1] {

    xlog("L_INFO","rewritehostport to VOIP_GW:5060");
##      Removed On 1.36 25 03 08
##      sethostport("xx.xx.xx.xx:5060");

        if (subst_uri('/(sip:.*);nat=yes/\1/')){
                setbflag(6);
        };

        if (isflagset(5)||isbflagset(6)) {
                route(3);
        }

        if (!t_relay()) {
                sl_reply_error();
        };
        exit;
}


I commented it out as you can see now I cant login either but I am
getting these errors 

Forbidden and Unauthorized


Another thing I would like to mention is that it worked with non TLS
clients using the previous setups.

Thx for your help so far.
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
Sent: Tuesday, March 25, 2008 1:02 PM
To: Ali Jawad
Cc: users at lists.openser.org
Subject: Re: [OpenSER-Users] UA Cant Connect To TLS

Hi Ali,

The REGISTER gets to the server and it is processed by the routing 
script - your script tries to relay the request to another destination:
Mar 19 12:04:42 [29280] DBG:tm:t_relay_to: new transaction fwd'ed

I would say the problem is on the cfg script and not in TLS part.

Regards,
Bogdan

Ali Jawad wrote:
>
> Hi All
>
> My UA cant connect to tls on my openser server, as per logs everything

> seems fine ..I don't know why it disconnects in the end ..the log is 
> http://java.pastebin.ca/948774
>
> My TLS settings are
>
> /* uncomment the following lines to enable TLS support (default off)
*/
>
> #disable_tls = yes
>
> disable_tls = no
>
> listen = tls:xx.xx.x.xx.x
>
> tls_verify_server = 1
>
> tls_verify_client = 1
>
> tls_require_client_certificate = 0
>
> tls_method = TLSv1
>
> #tls_certificate = "/usr/local/eyeball/license/cert.pem"
>
> #tls_private_key = "/usr/local/eyeball/license/privkey.pem"
>
> #tls_ca_list = "/usr/local/eyeball/license/splendor3.crtpvk.pem"
>
> tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>
> tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>
> tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
>
> #port=5060
>
> /* uncomment and configure the following line if you want openser to
>
> bind on a specific interface/port/proto (default bind on all
available) */
>
> listen=udp:87.236.144.13:5060
>
> #listen=tcp:87.236.144.12:5060
>
> sip_warning=yes
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>   


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





More information about the Users mailing list