[OpenSIPS-Users] MS team issue

Carlos Eduardo kaduww at gmail.com
Mon May 10 14:45:32 EST 2021


Thank you Nick.

I've read these docs lots of times and didn't pay attention to it.


On Mon, May 10, 2021 at 11:44, Nick Altmann <nick at altmann.pro>
wrote:

> Yes. You can use avp for this.
> https://opensips.org/docs/modules/3.1.x/tls_mgm.html#param_client_sip_domain_avp
>
> --
> Nick
>
> On Mon, May 10, 2021 at 16:09, Carlos Eduardo <kaduww at gmail.com> wrote:
>
>> Hey all,
>>
>> About using the right certificate, is it possible to ensure opensips is
>> going to use the right one when multiple are set in tls_mgm?
>>
>> On Mon, May 10, 2021 at 04:41, Răzvan Crainea <razvan at opensips.org>
>> wrote:
>>
>>> Hi, Miha!
>>>
>>> According to your logs, opensips is 100% sending the OPTIONS through
>>> tls, but I am not sure it is using the right certificate.
>>> You can try to set up sip trace and see the communication between
>>> opensips and MSTeams.
>>>
>>> Best regards,
>>>
>>> Răzvan Crainea
>>> OpenSIPS Core Developer
>>> http://www.opensips-solutions.com
>>>
>>> On 5/10/21 9:54 AM, Miha via Users wrote:
>>> > Hello
>>> >
>>> > I have used letsencrypt for generating certs for Opensips.
>>> >
>>> > Regarding configuration I have followed your configuration steps on
>>> > OpenSips blog.
>>> >
>>> > socket=udp:xxx.xxx.xxx.xxx:5060   # CUSTOMIZE ME
>>> > socket=tls:xxx.xxx.xxx.xxx:5061
>>> >
>>> >
>>> >
>>> >
>>> > ### Proto TLS
>>> > loadmodule "proto_tls.so"
>>> > modparam("proto_tls", "tls_handshake_timeout", 300)
>>> > #### TLS module
>>> > loadmodule "tls_mgm.so"
>>> > #modparam("tls_mgm", "db_url", "mysql://root:xxxx@localhost/opensips")
>>> > modparam("tls_mgm", "client_sip_domain_avp", "mtsbcs.test.com")
>>> > modparam("tls_mgm", "server_domain", "mt")
>>> > #modparam("tls_mgm", "match_ip_address", "[mt]xxx.xxx.xxx.xxx:5061")
>>> > #modparam("tls_mgm", "match_sip_domain", "[mt]mtsbcs.test.com")
>>> > modparam("tls_mgm", "certificate", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
>>> > modparam("tls_mgm", "private_key", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
>>> > modparam("tls_mgm", "ca_list", "[mt]/etc/ssl/certs/ca-certificates.crt")
>>> > modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")
>>> > modparam("tls_mgm","verify_cert", "[mt]1")
>>> > modparam("tls_mgm","require_cert", "[mt]1")
>>> > modparam("tls_mgm","tls_method", "[mt]TLSv1_2")
>>> > modparam("proto_tls", "tls_max_msg_chunks", 8)
>>> > #modparam("tls_mgm", "tls_handshake_timeout", 300)
>>> >
>>> >          if(is_method("OPTIONS") && is_domain_local("$rd") && check_source_address(0)) {
>>> >                  xlog("L_INFO", "[MS TEAMS] OPTIONS In");
>>> >                  send_reply(200, "OK");
>>> >                  exit;
>>> >          }
>>> >
>>> >
>>> > local_route {
>>> >    $var(dst) = "pstnhub.microsoft.com";
>>> >    xlog("L_INFO","promding TEST");
>>> >    xlog("TESTING");
>>> >    if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)}) != NULL))
>>> >      append_hf("Contact: <sip:mtsbcs.test.com:5061
>>> ;transport=tls>\r\n");
>>> >      xlog("L_INFO", "SEDING OPTIONS TO SBC");
>>> > }
>>> >
>>> >
>>> > I think that the main issue is that OPENSIPS does not send encrypted
>>> > OPTION to MS teams.
>>> >
>>> > Logs:
>>> >
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: next_hop=<sip:sip.pstnhub.microsoft.com>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS lookup...
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no port, has proto -> do SRV lookup!
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: resolving [sip.pstnhub.microsoft.com]
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: SRV(_sips._tcp.sip.pstnhub.microsoft.com) = sip.pstnhub.microsoft.com:5061
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing sip2.pstnhub.microsoft.com:5061
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing sip3.pstnhub.microsoft.com:5061
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket is 212.13.249.132
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri: sip:sip.pstnhub.microsoft.com
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: building sip_msg from buffer
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP Request:
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: method: <OPTIONS>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: uri: <sip:sip.pstnhub.microsoft.com>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: version: <SIP/2.0>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK8d8a.3706b135.0>; state=16
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of header reached, state=5
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via found, flags=ffffffffffffffff
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this is the first via
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of header reached, state=9
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: display={}, ruri={sip:sip.pstnhub.microsoft.com}
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: <To> [31]; uri=[sip:sip.pstnhub.microsoft.com]
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to body [sip:sip.pstnhub.microsoft.com#015#012]
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq <CSeq>: <14> <OPTIONS>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: content_length=0
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: found end of header
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=78
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: Change in local route -> rebuilding buffer
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: flags = 15
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 2 extracted as <To: sip:sip.pstnhub.microsoft.com#015#012>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 1 extracted as <From: <sip:prober@localhost>;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 8 extracted as <Call-ID: 12e30be047c27077-1020@212.13.249.132#015#012>
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.75.24
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
>>> > May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [0]: 0x7f45d7e066b0 (1625)
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: Cancel sent out, sending 408 (0x7f45d7e06460)
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response: T_code=0, new_code=408
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked branch 0, code 408 (prio=800)
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure: dns-failover test: branch=0, last_recv=408, flags=0
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response: trying DNS-based failover
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new destination available
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv proto=3
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=ffffffffffffffff
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.132.46
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.14.70
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: branch=0, save=0, winner=0
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local transaction completed
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks: trans=0x7f45d7e06460, callback type 256, id 0 entered
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [2]: 0x7f45d7e064e0 (1630)
>>> > May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: done
>>> >
>>> >
>>> >
>>> > Thank you
>>> > miha
>>> >
>>> >
>>> > _______________________________________________
>>> > Users mailing list
>>> > Users at lists.opensips.org
>>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >
>>>
>>>
>>
>>
>> --
>> *Carlos E. Wagner*
>> *Telecommunications Technologist, Opensips Certified Professional*
>>
>> *Phone: +55 48 99981-0894*
>> *E-mail:* kaduww at gmail.com
>> *LinkedIn:* https://www.linkedin.com/in/carlos-eduardo-wagner-96bbb433/
>>
>


-- 
*Carlos E. Wagner*
*Telecommunications Technologist, Opensips Certified Professional*

*Phone: +55 48 99981-0894*
*E-mail:* kaduww at gmail.com
*LinkedIn:* https://www.linkedin.com/in/carlos-eduardo-wagner-96bbb433/
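
A way to read the quoted debug log the way Răzvan does (OPTIONS leave over TLS, yet each connection is destroyed right after TLS setup starts), as an added Python example that is not part of the original thread. The sample lines are constructed in the log's format with 192.0.2.x placeholder addresses; the function names, the assumed year and the one-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the quoted log's format (unwrapped); 192.0.2.x are placeholders.
SAMPLE_LOG = """\
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.0.2.10
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.0.2.20
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
May 10 08:53:20 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.0.2.30
May 10 08:53:20 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:20 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ opensips\[(\d+)\]: DBG:(\S+?): (.*)$")

def tls_attempts(log_text):
    """Return one dict per outbound connection attempt, in log order."""
    attempts, current = [], {}          # current: open attempt per opensips PID
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                    # wrapped or foreign line: skip, do not guess
        ts, pid, tag, msg = m.groups()
        # syslog timestamps carry no year; 2021 is assumed here
        when = datetime.strptime("2021 " + ts, "%Y %b %d %H:%M:%S")
        if "new tcp connection to:" in msg:
            current[pid] = {"dst": msg.rsplit(" ", 1)[1], "port": None, "proto": None,
                            "tls_init": False, "opened": when, "lifetime_s": None}
            attempts.append(current[pid])
            continue
        a, port = current.get(pid), re.search(r"on port (\d+), proto (\d+)", msg)
        if a is None:
            continue                    # line outside any connection attempt
        if port:
            a["port"], a["proto"] = int(port.group(1)), int(port.group(2))
        elif tag.endswith("tls_conn_init"):
            a["tls_init"] = True
        elif tag.endswith("tcpconn_destroy"):
            a["lifetime_s"] = (when - a["opened"]).total_seconds()
            del current[pid]
    return attempts

def torn_down_immediately(attempts, max_lifetime_s=1):
    """Destinations whose TLS connection was destroyed within max_lifetime_s of opening."""
    return [a["dst"] for a in attempts if a["tls_init"]
            and a["lifetime_s"] is not None and a["lifetime_s"] <= max_lifetime_s]
```

Destinations returned by `torn_down_immediately` are the ones worth following up with a SIP trace or a capture of the TLS handshake, as suggested in the thread.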