Re: [OpenSIPS-Users] CRLF support over TLS

2019-03-25 Thread Răzvan Crainea

Hi, Vitalii!

Did you try to tune your tls_crlf_* parameters?
https://opensips.org/html/docs/modules/2.4.x/proto_tls.html#param_tls_crlf_drop

Best regards,
Răzvan

On 3/22/19 8:16 PM, Vitalii Aleksandrov wrote:

Hi,

One of my SIP endpoints sends CRLF (0x0d 0x0a) messages over TLS 
connections to opensips. Opensips drops the TLS connection to this phone 
after "tcp_max_msg_time" seconds. The same client works fine over TCP 
and the CRLF messages are just ignored by the proxy.


rfc3261 section 7.5 says:


Implementations processing SIP messages over stream-oriented
transports MUST ignore any CRLF appearing before the start-line

Is it a bug or did I miss some configuration option to make it work?


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



--
Răzvan Crainea
OpenSIPS Core Developer
  http://www.opensips-solutions.com
Meet the OpenSIPS team at the next OpenSIPS Summit:
  https://www.opensips.org/events


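The stream-framing rule from RFC 3261 section 7.5 quoted above, together with the RFC 5626 CRLF keep-alive (double CRLF ping, single CRLF pong) that the proto_tls tls_crlf_* parameters deal with, as a small Python framer. This is an added example, not OpenSIPS code; the byte stream it parses and the 64 KiB header cap are constructed for illustration.

```python
import re

CRLF = b"\r\n"
PING = b"\r\n\r\n"            # RFC 5626 keep-alive ping; the pong owed is a single CRLF
HEADER_END = b"\r\n\r\n"
MAX_HEADERS = 64 * 1024       # assumed cap on unterminated header bytes per connection

# Content-Length in long or compact ("l:") form; lines end in CRLF, so allow a trailing \r
CONTENT_LENGTH = re.compile(rb"^(?:Content-Length|l)[ \t]*:[ \t]*(\d+)[ \t]*\r?$",
                            re.IGNORECASE | re.MULTILINE)


def frame_stream(buf: bytes):
    """Split a TCP/TLS receive buffer into complete SIP messages.

    Returns (messages, pongs_due, remainder):
      messages  - complete messages (headers + body) in arrival order
      pongs_due - number of single-CRLF pongs the peer is owed (one per ping)
      remainder - unconsumed bytes to keep for the next read
    CRLFs before a start-line are skipped as RFC 3261 s7.5 requires; a double
    CRLF at a message boundary is counted as a keep-alive ping, not an error.
    """
    messages, pongs = [], 0
    while buf:
        if buf.startswith(PING):
            pongs += 1
            buf = buf[len(PING):]
            continue
        if buf.startswith(CRLF):          # stray single CRLF: ignore, do not drop the connection
            buf = buf[len(CRLF):]
            continue
        end = buf.find(HEADER_END)
        if end < 0:
            if len(buf) > MAX_HEADERS:     # a peer that never finishes its headers
                raise ValueError("header block too large; close the connection")
            break                          # need more bytes
        match = CONTENT_LENGTH.search(buf[:end])
        body_len = int(match.group(1)) if match else 0
        total = end + len(HEADER_END) + body_len
        if len(buf) < total:
            break                          # body not fully received yet
        messages.append(buf[:total])
        buf = buf[total:]
    return messages, pongs, buf


# Constructed sample stream: a ping, a complete OPTIONS, a stray CRLF, then a
# partial INVITE whose 7-byte body has only 4 bytes in the buffer so far.
SAMPLE_STREAM = (
    PING
    + b"OPTIONS sip:proxy.example.net SIP/2.0\r\n"
    + b"Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKabc\r\n"
    + b"Content-Length: 0\r\n\r\n"
    + CRLF
    + b"INVITE sip:bob@example.net SIP/2.0\r\n"
    + b"l: 7\r\n\r\n"
    + b"v=0\r"
)

if __name__ == "__main__":
    msgs, pongs, rest = frame_stream(SAMPLE_STREAM)
    print(len(msgs), "message(s),", pongs, "pong(s) owed,", len(rest), "bytes kept")
```

The framer only counts the pongs it owes; the transport layer writes `CRLF * pongs` back and keeps `remainder` for the next read. Dropping the connection is reserved for the size cap, not for leading CRLFs.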

[OpenSIPS-Users] drouting() number matching

2019-03-25 Thread Mark Farmer
Hi everyone, can I use pattern matching in drouting groups and rules?
So for example I'd like to match on +4412345678*@example.com

In Asterisk dialplan I would do _+4412345678X

Many thanks
Mark.


-- 
Mark Farmer
farm...@gmail.com


[OpenSIPS-Users] I need some suggestions regarding registrar and usrloc module .

2019-03-25 Thread Sasmita Panda
Hi All ,

I was using opensips-1.11 previously. Now I am trying to upgrade this to
opensips-2.4.

I have a query. I was using a feature: if a username is registered from
more than 10 different places, then for that username in the 200 OK reply
opensips always sends the latest 10 contacts, not all of them.

We made some code changes in 1.11 for this feature. Now in 2.4 this
is not in the code. So of course I have to change the code. Before
that, I wanted to know if there is any other way I can achieve this
without any code changes. Merging 1.11 code with 2.4 is quite difficult
for me. There is a huge difference at code level.

Please do help , if anything possible .


*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*


Re: [OpenSIPS-Users] CRLF support over TLS

2019-03-25 Thread Vitalii Aleksandrov
Thanks a lot. It helped! I was searching for a global param and 
completely forgot about the proto_tls module.



Hi, Vitalii!

Did you try to tune your tls_crlf_* parameters?
https://opensips.org/html/docs/modules/2.4.x/proto_tls.html#param_tls_crlf_drop 



Best regards,
Răzvan






Re: [OpenSIPS-Users] drouting() number matching

2019-03-25 Thread Mark Farmer
OK I think I realised my mistake - rules are matched on longest prefix.
So I think my question should be: Can I use the same principle for
usernames in groups?

On a side note, is it possible to match the group based on the destination
domain instead of the source domain?

Thanks
Mark.



On Mon, 25 Mar 2019 at 09:56, Mark Farmer  wrote:

> Hi everyone, can I use pattern matching in drouting groups and rules?
> So for example I'd like to match on +4412345678*@example.com
>
> In Asterisk dialplan I would do _+4412345678X
>
> Many thanks
> Mark.
>
>
> --
> Mark Farmer
> farm...@gmail.com
>


-- 
Mark Farmer
farm...@gmail.com

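Longest-prefix matching, which the message above says drouting uses for its rules, shown as an added Python example (not OpenSIPS code; the rules, gateway names and numbers are made up). With longest-prefix selection the wildcard from the original question is unnecessary: a rule for +4412345678 already matches every longer number that starts with it, and a shorter rule such as +44 catches the rest.

```python
class PrefixTable:
    """Rules keyed by number prefix; lookup returns the longest matching one."""

    END = "\0"  # marker key holding the rule at a node

    def __init__(self):
        self._root = {}  # nested dicts: digit -> child node

    def add(self, prefix: str, rule) -> None:
        node = self._root
        for ch in prefix:
            node = node.setdefault(ch, {})
        node[self.END] = rule

    def lookup(self, number: str):
        """Return (matched_prefix, rule) for the longest prefix of number,
        or (None, None) when nothing matches (an empty prefix is a catch-all)."""
        node = self._root
        best = ("", node[self.END]) if self.END in node else (None, None)
        for i, ch in enumerate(number):
            node = node.get(ch)
            if node is None:
                break
            if self.END in node:
                best = (number[: i + 1], node[self.END])
        return best


# Constructed rule set: a catch-all, a country rule and a site-specific rule.
RULES = PrefixTable()
RULES.add("", "default-gw")
RULES.add("+44", "uk-gw")
RULES.add("+4412345678", "example-pbx")


def route_number(number: str, table: PrefixTable = RULES):
    """Gateway chosen for a dialled number, or None if no rule applies."""
    return table.lookup(number)[1]


if __name__ == "__main__":
    for n in ("+441234567890", "+442071234567", "+15551234567"):
        print(n, "->", route_number(n))
```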

[OpenSIPS-Users] strange TCP handling in opensips 2.4

2019-03-25 Thread Artem Chalkov
Hi all.

Today I encountered some strange behavior in TCP handling. Case:

A - caller, proto=tcp, behind NAT
B - callee, proto=udp, not behind NAT

Nathelper is active, so A is pinged by OPTIONS from opensips.
A registers and then calls B, B answers, A sends ACK for the 200 and at some moment after that disappears from the network (for example - unplug the network cable). After that B sends a BYE request.

Parameters of proto_tcp:

modparam("proto_tcp", "tcp_port", 5060)
modparam("proto_tcp", "tcp_send_timeout", 5000)
modparam("proto_tcp", "tcp_async", 1)
modparam("proto_tcp", "tcp_crlf_pingpong", 0)

Expected behavior:
1. If the TCP session is still active: opensips will try to send the BYE to A via TCP and close the TCP connection after 5000ms (tcp_send_timeout interval), send 477 Send Failed to itself and 408 to B, as the result of the BYE transaction.
2. If the TCP session is not active (after some TCP-FIN): opensips will try to re-establish the TCP session, and if that is not successful - send 477 Send Failed to itself and 408 to B, as the result of the BYE transaction.

Real behavior:
The TCP session is active (there was no TCP-FIN), the next OPTIONS ping from opensips is not answered by A (because it disappeared from the network) on TCP level (no TCP-ACK for the request with the OPTIONS), opensips starts to send TCP retransmissions of the last OPTIONS request (and continues to send these retransmissions for the next few minutes), not trying to send the BYE request at all, not trying to close the TCP session. After fr_timeout seconds opensips sends 408 to B as the result of the BYE transaction and does not send 477 to itself.

There is a screenshot of my example: https://imgur.com/HNxwxPo

So - it looks like opensips totally ignores the tcp_send_timeout value and it leads to some misbehavior in handling TCP requests. Am I right or did I miss something?


Re: [OpenSIPS-Users] TLS traffic is being relayed as UDP but on the TLS Port?

2019-03-25 Thread John Kiniston
I'm still fighting with this and would love some assistance.

Is there more data I should be collecting? do I need to post more
configuration details?

On Wed, Mar 20, 2019 at 4:09 PM John Kiniston wrote:

> Phone sends its request to the Proxy, the Via specifies TLS, the From &
> To are using port 5061, the Contact has transport=TLS
>
>
> REGISTER sip:pbxj.simplybits.net:5061 SIP/2.0
> Via: SIP/2.0/TLS 172.16.52.69:11974;branch=z9hG4bK4233722137;rport
> From: "Test" ;tag=3020551445
>
> To: "Test" 
> Call-ID: 0_3070192302@172.16.52.69
> CSeq: 1 REGISTER
> Contact: 
> Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY,
> REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
> Max-Forwards: 70
> User-Agent: Yealink SIP-T42G 29.83.0.50
> Expires: 300
> Allow-Events: talk,hold,conference,refer,check-sync
> Mac: 00:15:65:72:e5:f3
> Line: 1
> Content-Length: 0
>
> I see in my opensips logs:
>
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:mid_reg_save: saving to location...
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:prepare_forward: from: '"Test" <
> sip:7004salesd...@pbxj.simplybits.net:5061>;tag=3020551445'
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:prepare_forward: Call-ID: '0_3070192302@172.16.52.69'
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:prepare_forward: Contact:
> ''
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:prepare_forward: registering ptr 0x7f46e9dad850 on
> TMCB_REQUEST_FWDED ...
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:prepare_forward: registering for TMCB_RESPONSE_FWDED,
> mri=0x7f46e9dad850 ...
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:prepare_forward: registering for TMCB_RESPONSE_DELETED,
> mri=0x7f46e9dad850 ...
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:mid_reg_req_fwded: msg expires: '300'
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:calc_contact_expires: expires: 300
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:calc_ob_contact_expires: outgoing expires: 1553121490
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:overwrite_contact_expirations: ... contact:
> 'sip:7004salesdemo@172.16.52.69:11974;transport=TLS>#015' Calculated
> TIMEOUT = 1553121490 (600)
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:replace_expires_hf: ... Exp hdr: '300'
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:mid_reg_req_fwded: trimming all Contact URIs into one...
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:calc_contact_expires: expires: 300
>
> Everything is transport=TLS up until this line:
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:trim_to_single_contact: deleting Contact
> ''
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:trim_to_single_contact: inserting new Contact '<
> sip:7004salesdemo@67.212.192.99:5060>'
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:calc_contact_expires: expires: 300
>
> Here's the forward to the right host, the right port and the wrong protocol
> Mar 20 15:28:10 sip2 /usr/sbin/opensips[20404]:
> DBG:mid_registrar:mid_reg_req_fwded: REQ FORWARDED TO 'sip:
> pbxj.simplybits.net:5061' (obp: ), expires=600
> Mar 20 15:28:46 sip2 /usr/sbin/opensips[20400]:
> DBG:mid_registrar:mri_free: aor: '7004salesdemo' 0x7f46e9daa928
> Mar 20 15:28:46 sip2 /usr/sbin/opensips[20400]:
> DBG:mid_registrar:mri_free: from: '
> sip:7004salesd...@pbxj.simplybits.net:5061' 0x7f46e9d8eaa8
> Mar 20 15:28:46 sip2 /usr/sbin/opensips[20400]:
> DBG:mid_registrar:mri_free: to: '
> sip:7004salesd...@pbxj.simplybits.net:5061' 0x7f46e9da9e60
> Mar 20 15:28:46 sip2 /usr/sbin/opensips[20400]:
> DBG:mid_registrar:mri_free: callid: '0_3070192302@172.16.52.69'
> 0x7f46e9daaea0
> Mar 20 15:28:46 sip2 /usr/sbin/opensips[20400]:
> DBG:mid_registrar:mri_free: main reg: 'sip:pbxj.simplybits.net:5061'
> 0x7f46e9da0d60
> Mar 20 15:28:46 sip2 /usr/sbin/opensips[20400]:
> DBG:mid_registrar:mri_free: ct_uri: '' (nil)
>
> Here's the registration as it goes out from the Proxy to the PBX.
>
> REGISTER sip:pbxj.simplybits.net:5061 SIP/2.0
> Via: SIP/2.0/UDP 
> 67.212.192.99:5060;branch=z9hG4bK9c1a.7b3004a7.0;i=8f1ca045
>
> Via: SIP/2.0/TLS 
> 172.16.52.69:11974;received=64.119.40.170;branch=z9hG4bK4233722137;rport=11974
>
> From: "Test" ;tag=3020551445
>
> To: "Test" 
> Call-ID: 0_3070192302@172.16.52.69
> CSeq: 1 REGISTER
> Contact: 
> Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY,
> REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
> Max-Forwards: 69
> User-Agent: Yealink SIP-T42G 29.83.0.50
> Expires: 600
> Allow-Events: talk,hold,conference,refer,check-sync
> Ma

Re: [OpenSIPS-Users] Calculate the nearest destination based on GeoIP

2019-03-25 Thread Bogdan-Andrei Iancu

Hi,

I don't think the geo location data may be relevant (in order to pick up 
the best rtpp) - the most relevant data would be the ping roundtrip from 
client to your RTPPs, so you can use the closest as network delay


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 03/20/2019 11:59 AM, Dmitry wrote:

Hi there,
Maybe you know the best way to calculate the nearest routing point based on 
geoip data?
An example:
I have 3 rtpengine relays in different countries, and I can set their 
geo-coordinates in the DB and set an id for each of them via the rtpengine_use_set() 
function in the routing script.
Also, I have a geoip lookup via the mmg_lookup() function that can give me the 
coordinates of a caller by IP address.
A caller comes from a country that _doesn't have_ an rtpengine relay and I need 
to calculate the nearest rtpengine id to set it as preferred, based on the caller's IP 
address.
Any advice is appreciated.
Thanks





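The distance part of the question above in Python: pick the rtpengine set whose stored coordinates are closest (great-circle distance) to the coordinates the GeoIP lookup returned for the caller, and order the remaining sets as fallbacks. This is an added example, not OpenSIPS or rtpengine code; the set ids, relay coordinates and caller positions are constructed. As Bogdan says, measured RTT from the client to each relay is the better signal; distance is a first approximation.

```python
from math import radians, sin, cos, asin, sqrt

EARTH_RADIUS_KM = 6371.0

# Constructed sample: rtpengine set id -> (latitude, longitude) of the relay
RELAYS = {
    1: (52.37, 4.90),     # Amsterdam
    2: (40.71, -74.01),   # New York
    3: (1.35, 103.82),    # Singapore
}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def ranked_relays(caller, relays=RELAYS):
    """Set ids ordered nearest-first; feed this to rtpengine_use_set() with fallbacks."""
    return sorted(relays, key=lambda set_id: haversine_km(caller, relays[set_id]))


def nearest_relay(caller, relays=RELAYS):
    """(set_id, distance_km) of the nearest relay, or None when no relay is configured."""
    if not relays:
        return None
    set_id = ranked_relays(caller, relays)[0]
    return set_id, round(haversine_km(caller, relays[set_id]), 1)


if __name__ == "__main__":
    # Constructed caller positions, as a GeoIP lookup might return them
    for name, pos in (("Warsaw", (52.23, 21.01)), ("Tokyo", (35.68, 139.69))):
        print(name, "->", nearest_relay(pos), "fallback order", ranked_relays(pos))
```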

Re: [OpenSIPS-Users] Control TLS client domain

2019-03-25 Thread Bogdan-Andrei Iancu

Hi Alexey,

Well, the AVPs (as variables) are not visible for the TLS send 
operation. In local route, the actual "send" is outside the route 
context, so the AVP you set in the local route are not impacting the 
later TLS "send".


On the other hand, you can select the TLS certificate to use based on 
the destination IP of the TLS connection (the IP of the GW, in your case).


Check this 
https://opensips.org/html/docs/modules/2.4.x/tls_mgm.html#domains-param .


And when you define the client_domain, you set the IP of your GW :

modparam("tls_mgm", "client_domain", "test1=GW_IP:GW_PORT")

and you do not need the local route anymore, as the test1 TLS domain will be 
automatically picked when sending GW_IP:GW_PORT.


Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 03/20/2019 02:40 PM, vasilevalex wrote:

Hi all.

OpenSIPS 2.4.4
I have 2 gateways in Dynamic Routing module table. For both gateways I have
different sockets:
address: gw1, socket: tls::5061
address: gw2, socket: tls::5061

IP1 has certificate for TLS sip.domain1.com
IP2 has certificate for TLS sip.domain2.com

And something like this for tls management module:

loadmodule "tls_mgm.so"
modparam("tls_mgm", "client_domain_avp", "tls_cli_dom")
modparam("tls_mgm", "client_domain", "test1")
modparam("tls_mgm","certificate",
"[test1]/etc/opensips/tls/test1/fullchain.pem")
modparam("tls_mgm","private_key",
"[test1]/etc/opensips/tls/test1/privkey.pem")
modparam("tls_mgm","verify_cert", "[test1]0")
modparam("tls_mgm","require_cert", "[test1]0")
modparam("tls_mgm","tls_method", "[test1]TLSv1")
modparam("tls_mgm", "client_domain", "test2")
modparam("tls_mgm","certificate",
"[test2]/etc/opensips/tls/test2/fullchain.pem")
modparam("tls_mgm","private_key",
"[test2]/etc/opensips/tls/test2/privkey.pem")
modparam("tls_mgm","verify_cert", "[test2]0")
modparam("tls_mgm","require_cert", "[test2]0")
modparam("tls_mgm","tls_method", "[test2]TLSv1")
#Default domain
modparam("tls_mgm","certificate", "/etc/opensips/tls/test1/fullchain.pem")
modparam("tls_mgm","private_key", "/etc/opensips/tls/test1/privkey.pem")
modparam("tls_mgm","verify_cert", "0")
modparam("tls_mgm","require_cert", "0")
modparam("tls_mgm","tls_method", "TLSv1")
modparam("tls_mgm", "server_domain", "srv2=IP2:5061")
modparam("tls_mgm","certificate",
"[srv2]/etc/opensips/tls/test2/fullchain.pem")
modparam("tls_mgm","private_key",
"[srv2]/etc/opensips/tls/test2/privkey.pem")
modparam("tls_mgm","verify_cert", "[srv2]0")
modparam("tls_mgm","require_cert", "[srv2]0")
modparam("tls_mgm","tls_method", "[srv2]TLSv1")

Server part of TLS works fine.
But I want OPTIONS to these gateways to be sent with the correct TLS
certificate.

local_route {
    if (is_method("OPTIONS")) {
        # Get IP for outgoing socket
        $var(ip_out) = $(fs{s.select,1,:});
        switch($var(ip_out)) {
            case "IP1":
                $avp(tls_cli_dom) = "test1";
                break;
            case "IP2":
                $avp(tls_cli_dom) = "test2";
                break;
        }
        xlog("AVP for TLS:  $avp(tls_cli_dom) \n");
    }
}

So AVP for choosing client domain is set correctly during sending OPTIONS.
OpenSIPS uses different sockets for sending OPTIONS, but default TLS domain
for both gateways. What's wrong?



--
Alexey Vasilyev
Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html






Re: [OpenSIPS-Users] Is it possible to generate Notify from OpenSIPS on Freeswitch NOTIFY ESL event

2019-03-25 Thread Bogdan-Andrei Iancu

Hi Sagar,

Theoretically you can get ESL events via the freeswitch_scripting module [1] 
and from OpenSIPS, using an event_route[E_FREESWITCH] [2], you can build 
and send a SIP request [3] - the question is whether you have all the info and 
flexibility to construct the NOTIFY requests.


[1] 
https://opensips.org/html/docs/modules/2.4.x/freeswitch_scripting.html#param_fs_subscribe
[2] 
https://opensips.org/html/docs/modules/2.4.x/freeswitch_scripting.html#event-freeswitch

[3] https://opensips.org/html/docs/modules/2.4.x/tm.html#func_t_new_request

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 03/20/2019 05:02 PM, sagar malam wrote:

Hello ,

We are using FreeSWITCH for presence but it is not working well with 
heavy traffic. I wonder if we can use the OpenSIPS FreeSWITCH ESL module 
to listen on presence events and generate NOTIFYs from OpenSIPS?


--
Thanks,

Sagar






Re: [OpenSIPS-Users] async and event handlers

2019-03-25 Thread Bogdan-Andrei Iancu

Hi John,

I don't think you can "replicate" the event triggers with some 
avp_db_query() from script. When you do a save(location), you never know 
if that call will translate into updating an existing contact or into 
inserting a new one - this is not visible at script level.


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 03/20/2019 04:55 PM, John Quick wrote:

I have a script which employs USRLOC to save registrations and also has an
event handler defined for E_UL_CONTACT_INSERT.
It is convenient, for the required logic/business rules, that I update a
user database from within the event handler.

If the DB update were happening directly from the main route, then I would
probably use async(avp_db_query())
However, if a potentially blocking operation - such as a DB write - is done
from within the event handler, am I correct in thinking that this is much
safer and therefore does not need to be wrapped in an async() or launch()
function call?

Can you even use async() or launch() from within an event handler?

Using v2.4.4

John Quick
Smartvox Limited








Re: [OpenSIPS-Users] Is it possible to generate Notify from OpenSIPS on Freeswitch NOTIFY ESL event

2019-03-25 Thread SamyGo
Hi Sagar,
So if I can glue together the info provided by Bogdan, then yes, you can pull data from
the incoming ESL event and create a new NOTIFY and send it to (where?)!
I would send this new NOTIFY to myself (127.0.0.1:5060) so opensips can find
the location of the desired registered client and relay it swiftly.

Hope it works :)
Regards,
Sammy


On Mon, Mar 25, 2019, 1:46 PM Bogdan-Andrei Iancu, 
wrote:

> Hi Sagar,
>
> Theoretically you can get ESL events via freeswitch_scripting module [1]
> and from OpenSIPS, using an event_route[E_FREESWITCH] [2], you can build
> and send SIP request [3] - the question is if you have all the info and
> flexibility to construct the Notify requests
>
> [1]
> https://opensips.org/html/docs/modules/2.4.x/freeswitch_scripting.html#param_fs_subscribe
> [2]
> https://opensips.org/html/docs/modules/2.4.x/freeswitch_scripting.html#event-freeswitch
> [3]
> https://opensips.org/html/docs/modules/2.4.x/tm.html#func_t_new_request
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 2019
>   https://www.opensips.org/events/Summit-2019Amsterdam/
>
> On 03/20/2019 05:02 PM, sagar malam wrote:
>
> Hello ,
>
> We are using FreeSWITCH for presence but it is not working well with heavy
> traffic.I wonder if we can using Opensips FreesWITCH ESL module to listen
> on presence event and generate notifies from OpenSIPs ?
>
> --
> Thanks,
>
> Sagar
>
>
>
>
>


Re: [OpenSIPS-Users] Control TLS client domain

2019-03-25 Thread Alexey Vasilyev
Hi Bogdan,
It would be nice to get rid of these AVPs and select the client domain by 
destination IP, but the problem is that I have only 1 destination gw IP for all 
customers' domains.
I have a cloud platform which I'd like to connect to from OpenSIPS. And I have many 
customers with their domains.

So the only way to choose the client TLS domain is an AVP.

And why not allow manipulating AVPs in local route? I modified 
modules/tm/uac.c a little bit, and now I can select the TLS client domain with an AVP 
from local_route. 
https://github.com/OpenSIPS/opensips/issues/1642
But I'm not sure about the code. And sorry that I marked it as a bug, I thought 
that it was normal to work with AVP variables from local_route.

I have another issue: OpenSIPS reuses TLS connections the same way as 
regular TCP connections, but it should not. For reusing a TCP connection we 
check if a connection with the same dst IP:PORT exists. But for TLS that is not 
enough. We additionally should check what certificate this connection uses (or 
what domain it is related to).

If on the server side we have SNI, why not have more control on the client TLS side?

-
Alexey Vasilyev
alexei.vasil...@gmail.com



> On 25 Mar 2019, at 18:37, Bogdan-Andrei Iancu wrote:
> 
> Hi Alexey,
> 
> Well, the AVPs (as variables) are not visible for the TLS send operation. In 
> local route, the actual "send" is outside the route context, so the AVP you 
> set in the local route are not impacting the later TLS "send".
> 
> On the other hand, you can select the TLS certificate to use based on the 
> destination IP of the TLS connection (the IP of the GW, in your case).
> 
> Check this 
> https://opensips.org/html/docs/modules/2.4.x/tls_mgm.html#domains-param .
> 
> And when you define the client_domain, you set the IP of your GW :
> 
> modparam("tls_mgm", "client_domain", "test1=GW_IP:GW_PORT")
> 
> and you do not need the local route anymore, as the test1 TLS domain will be 
> automatically picked when sending GW_IP:GW_PORT.
> 
> 
> Best regards,
> 
> Bogdan-Andrei Iancu
> 
> OpenSIPS Founder and Developer
> https://www.opensips-solutions.com
> OpenSIPS Summit 2019
> https://www.opensips.org/events/Summit-2019Amsterdam/
> 
> On 03/20/2019 02:40 PM, vasilevalex wrote:
>> Hi all.
>> 
>> OpenSIPS 2.4.4
>> I have 2 gateways in Dynamic Routing module table. For both gateways I have
>> different sockets:
>> address: gw1, socket: tls::5061
>> address: gw2, socket: tls::5061
>> 
>> IP1 has certificate for TLS sip.domain1.com
>> IP2 has certificate for TLS sip.domain2.com
>> 
>> And something like this for tls management module:
>> 
>> loadmodule "tls_mgm.so"
>> modparam("tls_mgm", "client_domain_avp", "tls_cli_dom")
>> modparam("tls_mgm", "client_domain", "test1")
>> modparam("tls_mgm","certificate",
>> "[test1]/etc/opensips/tls/test1/fullchain.pem")
>> modparam("tls_mgm","private_key",
>> "[test1]/etc/opensips/tls/test1/privkey.pem")
>> modparam("tls_mgm","verify_cert", "[test1]0")
>> modparam("tls_mgm","require_cert", "[test1]0")
>> modparam("tls_mgm","tls_method", "[test1]TLSv1")
>> modparam("tls_mgm", "client_domain", "test2")
>> modparam("tls_mgm","certificate",
>> "[test2]/etc/opensips/tls/test2/fullchain.pem")
>> modparam("tls_mgm","private_key",
>> "[test2]/etc/opensips/tls/test2/privkey.pem")
>> modparam("tls_mgm","verify_cert", "[test2]0")
>> modparam("tls_mgm","require_cert", "[test2]0")
>> modparam("tls_mgm","tls_method", "[test2]TLSv1")
>> #Default domain
>> modparam("tls_mgm","certificate", "/etc/opensips/tls/test1/fullchain.pem")
>> modparam("tls_mgm","private_key", "/etc/opensips/tls/test1/privkey.pem")
>> modparam("tls_mgm","verify_cert", "0")
>> modparam("tls_mgm","require_cert", "0")
>> modparam("tls_mgm","tls_method", "TLSv1")
>> modparam("tls_mgm", "server_domain", "srv2=IP2:5061")
>> modparam("tls_mgm","certificate",
>> "[srv2]/etc/opensips/tls/test2/fullchain.pem")
>> modparam("tls_mgm","private_key",
>> "[srv2]/etc/opensips/tls/test2/privkey.pem")
>> modparam("tls_mgm","verify_cert", "[srv2]0")
>> modparam("tls_mgm","require_cert", "[srv2]0")
>> modparam("tls_mgm","tls_method", "[srv2]TLSv1")
>> 
>> Server part of TLS works fine.
>> But I want OPTIONS to these gateways to be sent with the correct TLS
>> certificate.
>> 
>> local_route {
>>     if (is_method("OPTIONS")) {
>>         # Get IP for outgoing socket
>>         $var(ip_out) = $(fs{s.select,1,:});
>>         switch($var(ip_out)) {
>>             case "IP1":
>>                 $avp(tls_cli_dom) = "test1";
>>                 break;
>>             case "IP2":
>>                 $avp(tls_cli_dom) = "test2";
>>                 break;
>>         }
>>         xlog("AVP for TLS:  $avp(tls_cli_dom) \n");
>>     }
>> }
>> 
>> So AVP for choosing client domain is set correctly during sending OPTIONS.
>> OpenSIPS uses different sockets for sending OPTIONS, but default TLS domain
>> for both gateways. What's wrong?
>> 
>> 
>> 
>> -
>> ---
>> Alexey Vasilyev
>> --
>> Sent from: 
>> http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html
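The connection-reuse concern raised in the message above, as an added Python illustration: if an outbound TLS connection is looked up by destination IP:port alone, a connection opened under one client domain (one customer's certificate) can be reused to carry another customer's traffic, and the far end sees the wrong identity. This is not OpenSIPS code and does not model its connection table; the pool, its "connections" and the gateway address 198.51.100.7 are constructed. It contrasts a pool keyed on destination only with one keyed on destination plus client TLS domain.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """A stand-in for an established outbound TLS connection."""
    dst: tuple            # (ip, port) of the gateway
    client_domain: str    # TLS client domain (which certificate was presented)


class ConnPool:
    """Outbound connection cache. key_includes_domain selects the lookup key."""

    def __init__(self, key_includes_domain: bool):
        self._include_domain = key_includes_domain
        self._conns = {}
        self.opened = 0  # how many connections (handshakes) were made

    def _key(self, dst, client_domain):
        return (dst, client_domain) if self._include_domain else dst

    def get(self, dst, client_domain) -> Conn:
        """Reuse the cached connection for the key, otherwise open a new one."""
        key = self._key(dst, client_domain)
        conn = self._conns.get(key)
        if conn is None:
            conn = Conn(dst, client_domain)   # a real pool would handshake here
            self._conns[key] = conn
            self.opened += 1
        return conn


def send_as(pool: ConnPool, dst, client_domain) -> bool:
    """True only if the connection handed back really carries the wanted client domain."""
    return pool.get(dst, client_domain).client_domain == client_domain


def demo(key_includes_domain: bool):
    """Two customers sending to the same gateway; returns (ok1, ok2, connections_opened)."""
    pool = ConnPool(key_includes_domain)
    gw = ("198.51.100.7", 5061)            # constructed: one gateway for all customers
    ok1 = send_as(pool, gw, "customer1")
    ok2 = send_as(pool, gw, "customer2")   # with a dst-only key this reuses customer1's connection
    return ok1, ok2, pool.opened


if __name__ == "__main__":
    print("key = dst only        :", demo(False))
    print("key = dst + client dom:", demo(True))
```

With a destination-only key the second customer's request silently goes out under the first customer's certificate; including the client domain in the key costs one extra handshake per (gateway, domain) pair and keeps identities separate.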