[OpenSIPS-Users] mid_registrar TLS

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Feb 10 07:59:25 UTC 2022


Hi Alberto,

When OpenSIPS is about to create a new TLS connection, it has to know 
what TLS certificate (client) to use for it.

There are 2 ways of indicating that:

* use "match_ip_address" [1] to map the TLS client domain to some IPs 
you want to connect to via TLS

* use "client_tls_domain_avp" [2] to manually select from script which 
TLS domain to be used - set the AVP before the t_relay() to the TLS 
destination.


[1] 
https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#param_match_ip_address

[2] 
https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#param_client_tls_domain_avp

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS eBootcamp
   https://www.opensips.org/Training/Bootcamp
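
Added example (not part of the original message and not the project's own code): a client-side TLS domain for the Asterisk leg at 10.0.0.153:5061, showing both selection methods described in the reply. The domain name `ast_client`, the AVP name `tls_client_dom`, the route name `to_asterisk` and the CA file path are assumptions; the certificate and key paths are reused from the original post.

```cfg
loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "wolfssl")

# The server domain "dom1" from the original post only covers inbound
# connections. Outbound connections need a client domain of their own.
modparam("tls_mgm", "client_domain", "ast_client")   # assumed name
modparam("tls_mgm", "certificate", "[ast_client]/etc/letsencrypt/cert.pem")
modparam("tls_mgm", "private_key", "[ast_client]/etc/letsencrypt/privkey.pem")

# Verify the certificate Asterisk presents. The ca_list file must contain
# the CA that issued the Asterisk certificate (assumed path).
modparam("tls_mgm", "ca_list", "[ast_client]/etc/opensips/tls/asterisk-ca.pem")
modparam("tls_mgm", "verify_cert", "[ast_client]1")

# Method 1 [1]: pick the client domain by the destination IP and port.
modparam("tls_mgm", "match_ip_address", "[ast_client]10.0.0.153:5061")

# Method 2 [2]: pick the client domain by name from the script.
# The AVP name is an assumption; check the value format against [2].
modparam("tls_mgm", "client_tls_domain_avp", "tls_client_dom")

loadmodule "proto_tls.so"

# Hypothetical route: with method 2 the AVP has to be set before t_relay().
route[to_asterisk] {
    $ru = "sip:10.0.0.153:5061;transport=tls";
    $avp(tls_client_dom) = "ast_client";
    t_relay();
}
```

With either method in place, the "no TLS client domain found" error from proto_tls_conn_init should no longer appear for this destination; a handshake failure at that point indicates a problem with the certificate chain in `ca_list`.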

On 2/4/22 2:40 PM, Alberto wrote:
> Hi,
> I have a sip client connecting to opensips using tls, all requests are 
> then routed to an asterisk server using mid_registrar.
>
> UDP to UDP and TCP to TCP work fine, but TLS doesn't.
>
> This is the error, but I'm having a hard time understanding it.
>
> Feb  4 12:29:32 [3406] //etc/opensips/opensips.cfg:453 Forward 
> REGISTER for sip:tls-1001@10.0.0.252:5061 to 10.0.0.153:5061;transport=tls
> Feb  4 12:29:32 [3406] ERROR:proto_tls:proto_tls_conn_init: no TLS 
> client domain found
> Feb  4 12:29:32 [3406] ERROR:core:tcp_conn_create: failed to do proto 
> 3 specific init for conn 0x7ff9be1810f8
> Feb  4 12:29:32 [3406] ERROR:core:tcp_async_connect: tcp_conn_create 
> failed, closing the socket
> Feb  4 12:29:32 [3406] ERROR:proto_tls:proto_tls_send: async TCP 
> connect failed
> Feb  4 12:29:32 [3406] ERROR:tm:msg_send: send() to 10.0.0.153:5061 
> for proto tls/3 failed
> Feb  4 12:29:32 [3406] ERROR:tm:t_forward_nonack: sending request failed
> Feb  4 12:29:32 [3406] ERROR:tm:w_t_relay: t_forward_nonack failed
>
>
> My configuration:
> #############
> loadmodule "mid_registrar.so"
> modparam("mid_registrar", "attr_avp", "$avp(avp_json)")
> modparam("mid_registrar", "max_contacts", 1)
> modparam("mid_registrar", "mode", 0)
> modparam("mid_registrar", "tcp_persistent_flag", 
> "TCP_PERSIST_REGISTRATIONS")
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_library", "wolfssl")
> modparam("tls_mgm", "server_domain", "dom1")
> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/fullchain.pem")
> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/cert.pem")
> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/privkey.pem")
> modparam("tls_mgm", "require_cert", "[dom1]0")
> modparam("tls_mgm", "tls_method", "[dom1]TLSv1-")
> modparam("tls_mgm", "verify_cert", "[dom1]0")
>
> loadmodule "proto_tls.so"
>
> ###############
> $ru = "sip:10.0.0.153:5061;transport=tls";
> setflag("TCP_PERSISTENT");
> route(relay);
>
>
> Thanks