Re: [OpenSIPS-Users] no TLS client domain found error

2022-08-08 Thread Jehanzaib Younis
Thank you Bogdan,
I will change it. By the way, I noticed that as soon as I added the
following before the OPTIONS were sent to MS Teams. There were no
CRITICAL:core:io_watch_add bug logs.

set_advertised_address("xx.xx.xx.xx");
set_advertised_port("5061");

Regards,
Jehanzaib


On Wed, May 25, 2022 at 7:52 PM Bogdan-Andrei Iancu 
wrote:

> Hi Jehanzaib,
>
> For now, to get rid of that issue, just disable the tls_async in your cfg:
>
> https://opensips.org/html/docs/modules/3.2.x/proto_tls.html#param_tls_async
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 5/21/22 5:21 AM, Jehanzaib Younis wrote:
>
> Thank you, Ovidiu.
> I Just posted my logs on github.
>
> Regards,
> Jehanzaib
>
>
> On Fri, May 20, 2022 at 3:02 AM Ovidiu Sas  wrote:
>
>> Set the log_level parameter to 4 and restart opensips. Once the error
>> occurs, collect all the logs from the start (from syslog) and send them to
>> Razvan.
>> There’s bug tracking this issue:
>> https://github.com/OpenSIPS/opensips/issues/2724
>>
>> For compiling tls_wolfssl, try from a clean clone.
>>
>> -ovidiu
>>
>> On Thu, May 19, 2022 at 08:08 Jehanzaib Younis 
>> wrote:
>>
>>> Thanks Ovidiu,
>>> I just checked the source code, the same bug is also present in
>>> the opensips-3.2.6 branch. I have another issue with 3.2.6. I am not able
>>> to compile tls_wolfssl. No issue with 3.3 though.
>>> Now I need to check what is causing this.
>>>
>>> I am getting the following error:
>>>
>>> make[1]: Entering directory `/usr/src/opensips-3.2/modules/tls_wolfssl'
>>> configure: WARNING: unrecognized options: --disable-shared,
>>> --enable-static
>>> checking whether make supports nested variables... (cached) yes
>>> ./configure: line 5259: syntax error near unexpected token `2.4.2'
>>> ./configure: line 5259: `LT_PREREQ(2.4.2)'
>>> make[1]: *** [lib/lib/libwolfssl.a] Error 2
>>>
>>>
>>>
>>> Regards,
>>> Jehanzaib
>>>
>>>
>>> On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas 
>>> wrote:
>>>
 Please upgrade to the latest version and see if the error persists. If
 yes, please run the server in debug mode and save the logs so this issue
 can be investigated properly.

 Thanks,
 Ovidiu

 On Wed, May 18, 2022 at 09:02 Jehanzaib Younis <
 jehanzaib.ki...@gmail.com> wrote:

> Thank you Bogdan,
> That helped a lot. As you mentioned I need to start only with
> server_domain or client_domain.
> Now I changed my config a bit as shown below:
>  (WebRTC) Client
> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
> modparam("tls_mgm", "certificate",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
> modparam("tls_mgm", "private_key",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
> modparam("tls_mgm", "ca_list",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
> modparam("tls_mgm", "ca_dir",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
>
> ### This is for MS-Teams direct route
> modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
> modparam("tls_mgm", "certificate", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
> modparam("tls_mgm", "private_key", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com")
> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
> Looks like the initial handshake is fine when my server sends OPTIONS
> to MSTeams. There is a bug in the code according to the logs as shown 
> below:
>
> opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map
> fd=142 is not present in fd_array
> (fd=142,type=19,flags=8003,data=0x7f825805ceb8)#012#012It seems you
> have hit a programming bug.#012Please help us make OpenSIPS better by
> reporting it at https://github.com/OpenSIPS/opensips/issues
> opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed
> after successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1)
> already=0
> opensips[23993]: NOTICE:tls_wolfssl:verify

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-25 Thread Bogdan-Andrei Iancu

Hi Jehanzaib,

For now, to get rid of that issue, just disable the tls_async in your cfg:
https://opensips.org/html/docs/modules/3.2.x/proto_tls.html#param_tls_async

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 5/21/22 5:21 AM, Jehanzaib Younis wrote:

Thank you, Ovidiu.
I Just posted my logs on github.

Regards,
Jehanzaib


On Fri, May 20, 2022 at 3:02 AM Ovidiu Sas > wrote:


Set the log_level parameter to 4 and restart opensips. Once the
error occurs, collect all the logs from the start (from syslog)
and send them to Razvan.
There’s bug tracking this issue:
https://github.com/OpenSIPS/opensips/issues/2724


For compiling tls_wolfssl, try from a clean clone.

-ovidiu

On Thu, May 19, 2022 at 08:08 Jehanzaib Younis
mailto:jehanzaib.ki...@gmail.com>> wrote:

Thanks Ovidiu,
I just checked the source code, the same bug is also present
in the opensips-3.2.6 branch. I have another issue with 3.2.6.
I am not able to compile tls_wolfssl. No issue with 3.3 though.
Now I need to check what is causing this.
I am getting the following error:

make[1]: Entering directory
`/usr/src/opensips-3.2/modules/tls_wolfssl'
configure: WARNING: unrecognized options: --disable-shared,
--enable-static
checking whether make supports nested variables... (cached) yes
./configure: line 5259: syntax error near unexpected token `2.4.2'
./configure: line 5259: `LT_PREREQ(2.4.2)'
make[1]: *** [lib/lib/libwolfssl.a] Error 2



Regards,
Jehanzaib


On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas
mailto:o...@voipembedded.com>> wrote:

Please upgrade to the latest version and see if the error
persists. If yes, please run the server in debug mode and
save the logs so this issue can be investigated properly.

Thanks,
Ovidiu

On Wed, May 18, 2022 at 09:02 Jehanzaib Younis
mailto:jehanzaib.ki...@gmail.com>> wrote:

Thank you Bogdan,
That helped a lot. As you mentioned I need to start
only with server_domain or client_domain.
Now I changed my config a bit as shown below:
 (WebRTC) Client
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
modparam("tls_mgm", "certificate",

"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
modparam("tls_mgm", "private_key",

"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
modparam("tls_mgm", "ca_list",

"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
modparam("tls_mgm", "ca_dir",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
modparam("tls_mgm", "tls_method",
"[sip.mywebphone.xx]SSLv23")
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
modparam("tls_mgm", "require_cert",
"[sip.mywebphone.xx]1")

### This is for MS-Teams direct route
modparam("tls_mgm", "client_domain",
"dom1.formsteams.com ")
modparam("tls_mgm", "certificate",
"[dom1.formsteams.com

]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem
")
modparam("tls_mgm", "private_key",
"[dom1.formsteams.com

]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem
")
modparam("tls_mgm", "ca_list", "[dom1.formsteams.com

]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem
")
modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com

]/etc/letsencrypt/live/dom1.formsteams.com
")
modparam("tls_mgm", "tls_method",
"[dom1.formsteams.com
]SSLv23")
modparam("tls_mgm", "verify_cert",
"[dom1.formsteams.com ]1")
modparam("tls_mgm", "require_cert",
"[dom1.formsteams.com ]1")
modparam("tls_mgm", "client_sip_domain_avp"

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-20 Thread Jehanzaib Younis
Thank you, Ovidiu.
I Just posted my logs on github.

Regards,
Jehanzaib


On Fri, May 20, 2022 at 3:02 AM Ovidiu Sas  wrote:

> Set the log_level parameter to 4 and restart opensips. Once the error
> occurs, collect all the logs from the start (from syslog) and send them to
> Razvan.
> There’s bug tracking this issue:
> https://github.com/OpenSIPS/opensips/issues/2724
>
> For compiling tls_wolfssl, try from a clean clone.
>
> -ovidiu
>
> On Thu, May 19, 2022 at 08:08 Jehanzaib Younis 
> wrote:
>
>> Thanks Ovidiu,
>> I just checked the source code, the same bug is also present in
>> the opensips-3.2.6 branch. I have another issue with 3.2.6. I am not able
>> to compile tls_wolfssl. No issue with 3.3 though.
>> Now I need to check what is causing this.
>>
>> I am getting the following error:
>>
>> make[1]: Entering directory `/usr/src/opensips-3.2/modules/tls_wolfssl'
>> configure: WARNING: unrecognized options: --disable-shared,
>> --enable-static
>> checking whether make supports nested variables... (cached) yes
>> ./configure: line 5259: syntax error near unexpected token `2.4.2'
>> ./configure: line 5259: `LT_PREREQ(2.4.2)'
>> make[1]: *** [lib/lib/libwolfssl.a] Error 2
>>
>>
>>
>> Regards,
>> Jehanzaib
>>
>>
>> On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas  wrote:
>>
>>> Please upgrade to the latest version and see if the error persists. If
>>> yes, please run the server in debug mode and save the logs so this issue
>>> can be investigated properly.
>>>
>>> Thanks,
>>> Ovidiu
>>>
>>> On Wed, May 18, 2022 at 09:02 Jehanzaib Younis <
>>> jehanzaib.ki...@gmail.com> wrote:
>>>
 Thank you Bogdan,
 That helped a lot. As you mentioned I need to start only with
 server_domain or client_domain.
 Now I changed my config a bit as shown below:
  (WebRTC) Client
 modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
 modparam("tls_mgm", "certificate",
 "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
 modparam("tls_mgm", "private_key",
 "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
 modparam("tls_mgm", "ca_list",
 "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
 modparam("tls_mgm", "ca_dir",
 "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
 modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
 modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
 modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")

 ### This is for MS-Teams direct route
 modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
 modparam("tls_mgm", "certificate", "[dom1.formsteams.com
 ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
 modparam("tls_mgm", "private_key", "[dom1.formsteams.com
 ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
 modparam("tls_mgm", "ca_list", "[dom1.formsteams.com
 ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
 modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com
 ]/etc/letsencrypt/live/dom1.formsteams.com")
 modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
 modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
 modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
 modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")

 Looks like the initial handshake is fine when my server sends OPTIONS
 to MSTeams. There is a bug in the code according to the logs as shown 
 below:

 opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=142
 is not present in fd_array
 (fd=142,type=19,flags=8003,data=0x7f825805ceb8)#012#012It seems you
 have hit a programming bug.#012Please help us make OpenSIPS better by
 reporting it at https://github.com/OpenSIPS/opensips/issues
 opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed
 after successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1)
 already=0
 opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
 success
 opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
 success
 opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
 connection to 52.114.16.74:5061 established
 opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
 success
 opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
 success
 opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
 connection to 52.114.76.76:5061 established


 Regards,
 Jehanzaib


 On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu <
 bog...@opensips.org> wrote:

> Hi Jehanzaib,
>
> The sequence for the MST TLS domains is wrong.
>
> For each TLS domain block, you need to start only with a server_domain
> or client_domain - of course, different names.

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-19 Thread Ovidiu Sas
Set the log_level parameter to 4 and restart opensips. Once the error
occurs, collect all the logs from the start (from syslog) and send them to
Razvan.
There’s bug tracking this issue:
https://github.com/OpenSIPS/opensips/issues/2724

For compiling tls_wolfssl, try from a clean clone.

-ovidiu

On Thu, May 19, 2022 at 08:08 Jehanzaib Younis 
wrote:

> Thanks Ovidiu,
> I just checked the source code, the same bug is also present in
> the opensips-3.2.6 branch. I have another issue with 3.2.6. I am not able
> to compile tls_wolfssl. No issue with 3.3 though.
> Now I need to check what is causing this.
>
> I am getting the following error:
>
> make[1]: Entering directory `/usr/src/opensips-3.2/modules/tls_wolfssl'
> configure: WARNING: unrecognized options: --disable-shared, --enable-static
> checking whether make supports nested variables... (cached) yes
> ./configure: line 5259: syntax error near unexpected token `2.4.2'
> ./configure: line 5259: `LT_PREREQ(2.4.2)'
> make[1]: *** [lib/lib/libwolfssl.a] Error 2
>
>
>
> Regards,
> Jehanzaib
>
>
> On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas  wrote:
>
>> Please upgrade to the latest version and see if the error persists. If
>> yes, please run the server in debug mode and save the logs so this issue
>> can be investigated properly.
>>
>> Thanks,
>> Ovidiu
>>
>> On Wed, May 18, 2022 at 09:02 Jehanzaib Younis 
>> wrote:
>>
>>> Thank you Bogdan,
>>> That helped a lot. As you mentioned I need to start only with
>>> server_domain or client_domain.
>>> Now I changed my config a bit as shown below:
>>>  (WebRTC) Client
>>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
>>> modparam("tls_mgm", "certificate",
>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
>>> modparam("tls_mgm", "private_key",
>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
>>> modparam("tls_mgm", "ca_list",
>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
>>> modparam("tls_mgm", "ca_dir",
>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
>>> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
>>> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
>>> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
>>>
>>> ### This is for MS-Teams direct route
>>> modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
>>> modparam("tls_mgm", "certificate", "[dom1.formsteams.com
>>> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
>>> modparam("tls_mgm", "private_key", "[dom1.formsteams.com
>>> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
>>> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com
>>> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
>>> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com
>>> ]/etc/letsencrypt/live/dom1.formsteams.com")
>>> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
>>> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
>>> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>>
>>> Looks like the initial handshake is fine when my server sends OPTIONS to
>>> MSTeams. There is a bug in the code according to the logs as shown below:
>>>
>>> opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=142
>>> is not present in fd_array
>>> (fd=142,type=19,flags=8003,data=0x7f825805ceb8)#012#012It seems you
>>> have hit a programming bug.#012Please help us make OpenSIPS better by
>>> reporting it at https://github.com/OpenSIPS/opensips/issues
>>> opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed
>>> after successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1)
>>> already=0
>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
>>> success
>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
>>> success
>>> opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
>>> connection to 52.114.16.74:5061 established
>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
>>> success
>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
>>> success
>>> opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
>>> connection to 52.114.76.76:5061 established
>>>
>>>
>>> Regards,
>>> Jehanzaib
>>>
>>>
>>> On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu 
>>> wrote:
>>>
 Hi Jehanzaib,

 The sequence for the MST TLS domains is wrong.

 For each TLS domain block, you need to start only with a server_domain
 or client_domain - of course, different names. And for each domain you need
 you set the matching conditions. See
 https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param

 Basically something like:

 modparam("tls_mgm", "server_domain", "formsteams_server")
 modparam("tls_mgm", "match_ip_address", "[formsteams_

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-19 Thread Jehanzaib Younis
Thanks Ovidiu,
I just checked the source code, the same bug is also present in
the opensips-3.2.6 branch. I have another issue with 3.2.6. I am not able
to compile tls_wolfssl. No issue with 3.3 though.
Now I need to check what is causing this.

I am getting the following error:

make[1]: Entering directory `/usr/src/opensips-3.2/modules/tls_wolfssl'
configure: WARNING: unrecognized options: --disable-shared, --enable-static
checking whether make supports nested variables... (cached) yes
./configure: line 5259: syntax error near unexpected token `2.4.2'
./configure: line 5259: `LT_PREREQ(2.4.2)'
make[1]: *** [lib/lib/libwolfssl.a] Error 2



Regards,
Jehanzaib


On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas  wrote:

> Please upgrade to the latest version and see if the error persists. If
> yes, please run the server in debug mode and save the logs so this issue
> can be investigated properly.
>
> Thanks,
> Ovidiu
>
> On Wed, May 18, 2022 at 09:02 Jehanzaib Younis 
> wrote:
>
>> Thank you Bogdan,
>> That helped a lot. As you mentioned I need to start only with
>> server_domain or client_domain.
>> Now I changed my config a bit as shown below:
>>  (WebRTC) Client
>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
>> modparam("tls_mgm", "certificate",
>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
>> modparam("tls_mgm", "private_key",
>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
>> modparam("tls_mgm", "ca_list",
>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
>> modparam("tls_mgm", "ca_dir",
>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
>> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
>> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
>> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
>>
>> ### This is for MS-Teams direct route
>> modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
>> modparam("tls_mgm", "certificate", "[dom1.formsteams.com
>> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
>> modparam("tls_mgm", "private_key", "[dom1.formsteams.com
>> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
>> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com
>> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
>> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com
>> ]/etc/letsencrypt/live/dom1.formsteams.com")
>> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
>> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
>> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>
>> Looks like the initial handshake is fine when my server sends OPTIONS to
>> MSTeams. There is a bug in the code according to the logs as shown below:
>>
>> opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=142
>> is not present in fd_array
>> (fd=142,type=19,flags=8003,data=0x7f825805ceb8)#012#012It seems you
>> have hit a programming bug.#012Please help us make OpenSIPS better by
>> reporting it at https://github.com/OpenSIPS/opensips/issues
>> opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed
>> after successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1)
>> already=0
>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
>> success
>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
>> success
>> opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
>> connection to 52.114.16.74:5061 established
>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
>> success
>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
>> success
>> opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
>> connection to 52.114.76.76:5061 established
>>
>>
>> Regards,
>> Jehanzaib
>>
>>
>> On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi Jehanzaib,
>>>
>>> The sequence for the MST TLS domains is wrong.
>>>
>>> For each TLS domain block, you need to start only with a server_domain
>>> or client_domain - of course, different names. And for each domain you need
>>> you set the matching conditions. See
>>> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param
>>>
>>> Basically something like:
>>>
>>> modparam("tls_mgm", "server_domain", "formsteams_server")
>>> modparam("tls_mgm", "match_ip_address", "[formsteams_server]")
>>> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]")
>>> modparam("tls_mgm", "certificate", "[formsteams_server].)
>>> 
>>>
>>>
>>> modparam("tls_mgm", "client_domain", "formsteams_client")
>>> modparam("tls_mgm", "match_ip_address", "[formsteams_client]")
>>> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]")
>>> modparam("tls_mgm", "certificate", "[formsteams_client].)
>>> 
>>>
>>>
>>> Best regards,
>>>
>>

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-18 Thread Ovidiu Sas
Please upgrade to the latest version and see if the error persists. If yes,
please run the server in debug mode and save the logs so this issue can be
investigated properly.

Thanks,
Ovidiu

On Wed, May 18, 2022 at 09:02 Jehanzaib Younis 
wrote:

> Thank you Bogdan,
> That helped a lot. As you mentioned I need to start only with
> server_domain or client_domain.
> Now I changed my config a bit as shown below:
>  (WebRTC) Client
> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
> modparam("tls_mgm", "certificate",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
> modparam("tls_mgm", "private_key",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
> modparam("tls_mgm", "ca_list",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
> modparam("tls_mgm", "ca_dir",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
>
> ### This is for MS-Teams direct route
> modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
> modparam("tls_mgm", "certificate", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
> modparam("tls_mgm", "private_key", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/
> dom1.formsteams.com")
> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
> Looks like the initial handshake is fine when my server sends OPTIONS to
> MSTeams. There is a bug in the code according to the logs as shown below:
>
> opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=142 is
> not present in fd_array
> (fd=142,type=19,flags=8003,data=0x7f825805ceb8)#012#012It seems you
> have hit a programming bug.#012Please help us make OpenSIPS better by
> reporting it at https://github.com/OpenSIPS/opensips/issues
> opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed after
> successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1) already=0
> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
> success
> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
> success
> opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
> connection to 52.114.16.74:5061 established
> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
> success
> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
> success
> opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
> connection to 52.114.76.76:5061 established
>
>
> Regards,
> Jehanzaib
>
>
> On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Jehanzaib,
>>
>> The sequence for the MST TLS domains is wrong.
>>
>> For each TLS domain block, you need to start only with a server_domain
>> or client_domain - of course, different names. And for each domain you need
>> you set the matching conditions. See
>> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param
>>
>> Basically something like:
>>
>> modparam("tls_mgm", "server_domain", "formsteams_server")
>> modparam("tls_mgm", "match_ip_address", "[formsteams_server]")
>> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]")
>> modparam("tls_mgm", "certificate", "[formsteams_server].)
>> 
>>
>>
>> modparam("tls_mgm", "client_domain", "formsteams_client")
>> modparam("tls_mgm", "match_ip_address", "[formsteams_client]")
>> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]")
>> modparam("tls_mgm", "certificate", "[formsteams_client].)
>> 
>>
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>>
>> On 5/18/22 2:38 AM, Jehanzaib Younis wrote:
>>
>> Hi Bogdan,
>> That's the problem, when I try to add the client_domain I get an error.
>> Actually, I have a working config for webrtc but now I am adding a new
>> domain for MS teams direct route. In fact, any other domain gives an error.
>> If I disable MS Teams domain, the opensips do not give an error message and
>> my webrtc client can connect without any issue.
>>
>> loadmodule "tls_mgm.so"
>> modparam("tls_mgm", "tls_library", "wolfssl")
>>
>>  (WebRTC) Client
>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
>> modparam("tls_mgm", "certificate",

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-18 Thread Jehanzaib Younis
Thank you Bogdan,
That helped a lot. As you mentioned I need to start only with server_domain
or client_domain.
Now I changed my config a bit as shown below:
 (WebRTC) Client
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
modparam("tls_mgm", "certificate",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
modparam("tls_mgm", "private_key",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
modparam("tls_mgm", "ca_list",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
modparam("tls_mgm", "ca_dir",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")

### This is for MS-Teams direct route
modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
modparam("tls_mgm", "certificate", "[dom1.formsteams.com
]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom1.formsteams.com
]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[dom1.formsteams.com]/etc/letsencrypt/live/
dom1.formsteams.com/fullchain.pem")
modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/
dom1.formsteams.com")
modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")

Looks like the initial handshake is fine when my server sends OPTIONS to
MSTeams. There is a bug in the code according to the logs as shown below:

opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=142 is
not present in fd_array
(fd=142,type=19,flags=8003,data=0x7f825805ceb8)#012#012It seems you
have hit a programming bug.#012Please help us make OpenSIPS better by
reporting it at https://github.com/OpenSIPS/opensips/issues
opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed after
successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1) already=0
opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
success
opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
success
opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
connection to 52.114.16.74:5061 established
opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify
success
opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify
success
opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS
connection to 52.114.76.76:5061 established


Regards,
Jehanzaib


On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu 
wrote:

> Hi Jehanzaib,
>
> The sequence for the MST TLS domains is wrong.
>
> For each TLS domain block, you need to start only with a server_domain or
> client_domain - of course, different names. And for each domain you need
> you set the matching conditions. See
> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param
>
> Basically something like:
>
> modparam("tls_mgm", "server_domain", "formsteams_server")
> modparam("tls_mgm", "match_ip_address", "[formsteams_server]")
> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]")
> modparam("tls_mgm", "certificate", "[formsteams_server].)
> 
>
>
> modparam("tls_mgm", "client_domain", "formsteams_client")
> modparam("tls_mgm", "match_ip_address", "[formsteams_client]")
> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]")
> modparam("tls_mgm", "certificate", "[formsteams_client].)
> 
>
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>
> On 5/18/22 2:38 AM, Jehanzaib Younis wrote:
>
> Hi Bogdan,
> That's the problem, when I try to add the client_domain I get an error.
> Actually, I have a working config for webrtc but now I am adding a new
> domain for MS teams direct route. In fact, any other domain gives an error.
> If I disable MS Teams domain, the opensips do not give an error message and
> my webrtc client can connect without any issue.
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_library", "wolfssl")
>
>  (WebRTC) Client
> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
> modparam("tls_mgm", "certificate",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
> modparam("tls_mgm", "private_key",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
> modparam("tls_mgm", "ca_list",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
> modparam("tls_mgm", "ca_dir",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
> modparam("tls_mgm", 

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-18 Thread Ahmed Rehan
1. certificates must be in any subdir of /etc/opensips/tls/

2. it should be a real files, not symlinks.


Check these settings




On Wed, May 18, 2022 at 11:15 AM Bogdan-Andrei Iancu 
wrote:

> Hi Jehanzaib,
>
> The sequence for the MST TLS domains is wrong.
>
> For each TLS domain block, you need to start only with a server_domain or
> client_domain - of course, different names. And for each domain you need
> you set the matching conditions. See
> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param
>
> Basically something like:
>
> modparam("tls_mgm", "server_domain", "formsteams_server")
> modparam("tls_mgm", "match_ip_address", "[formsteams_server]")
> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]")
> modparam("tls_mgm", "certificate", "[formsteams_server].)
> 
>
>
> modparam("tls_mgm", "client_domain", "formsteams_client")
> modparam("tls_mgm", "match_ip_address", "[formsteams_client]")
> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]")
> modparam("tls_mgm", "certificate", "[formsteams_client].)
> 
>
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>
> On 5/18/22 2:38 AM, Jehanzaib Younis wrote:
>
> Hi Bogdan,
> That's the problem, when I try to add the client_domain I get an error.
> Actually, I have a working config for webrtc but now I am adding a new
> domain for MS teams direct route. In fact, any other domain gives an error.
> If I disable MS Teams domain, the opensips do not give an error message and
> my webrtc client can connect without any issue.
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_library", "wolfssl")
>
>  (WebRTC) Client
> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
> modparam("tls_mgm", "certificate",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
> modparam("tls_mgm", "private_key",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
> modparam("tls_mgm", "ca_list",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
> modparam("tls_mgm", "ca_dir",
> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
>
> ### This is for MS-Teams direct route
> modparam("tls_mgm", "server_domain", "dom1.formsteams.com")
> modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
> modparam("tls_mgm", "certificate", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
> modparam("tls_mgm", "private_key", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com
> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/
> dom1.formsteams.com")
> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
> When i enable the MS-Teams direct route domain i get the below error:
> no certificate for tls domain ' dom1.formsteams.com ' defined
>
>
> Regards,
> Jehanzaib
>
>
> On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Jehanzaib,
>>
>> What are the TLS client domains you have defined in your tls_mgm module ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>>
>> On 5/17/22 4:32 PM, Jehanzaib Younis wrote:
>>
>> Hi,
>>
>> I am having trouble to send/receive OPTIONS to ms teams.
>> Using the dispatcher module. The socket is defined as tls:*mysbcip*:5061
>> Looks like when my opensips (3.2.x) tries to send OPTIONS. it is giving
>> me the following error
>>
>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
>> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
>> 0x7f00ef2a85a0
>> ERROR:core:tcp_async_connect: tcp_conn_create failed
>> ERROR:proto_tls:proto_tls_send: async TCP connect failed
>> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
>> ERROR:tm:t_uac: attempt to send to '
>> sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed
>>
>> I am setting the Contact as 
>>
>> Looks like the client domain is used for outgoing TLS connection but no
>> idea which domain i need to add here. The socket is my opensips ip address.
>>
>> Has anyone seen a similar kind of behaviour?
>>
>> Thank you.
>>
>> Regards,
>> Jehanzaib
>>
>> 

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-17 Thread Bogdan-Andrei Iancu

Hi Jehanzaib,

The sequence for the MST TLS domains is wrong.

For each TLS domain block, you need to start only with a server_domain 
or client_domain - of course, different names. And for each domain you 
need you set the matching conditions. See 
https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param


Basically something like:

modparam("tls_mgm", "server_domain", "formsteams_server")
modparam("tls_mgm", "match_ip_address", "[formsteams_server]")
modparam("tls_mgm", "match_sip_domain", "[formsteams_server]")
modparam("tls_mgm", "certificate", "[formsteams_server].)



modparam("tls_mgm", "client_domain", "formsteams_client")
modparam("tls_mgm", "match_ip_address", "[formsteams_client]")
modparam("tls_mgm", "match_sip_domain", "[formsteams_client]")
modparam("tls_mgm", "certificate", "[formsteams_client].)



Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS eBootcamp 23rd May - 3rd June 2022
  https://opensips.org/training/OpenSIPS_eBootcamp_2022/

On 5/18/22 2:38 AM, Jehanzaib Younis wrote:

Hi Bogdan,
That's the problem, when I try to add the client_domain I get an 
error. Actually, I have a working config for webrtc but now I am 
adding a new domain for MS teams direct route. In fact, any other 
domain gives an error. If I disable MS Teams domain, the opensips do 
not give an error message and my webrtc client can connect without any 
issue.


loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "wolfssl")

 (WebRTC) Client
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
modparam("tls_mgm", "certificate", 
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
modparam("tls_mgm", "private_key", 
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
modparam("tls_mgm", "ca_list", 
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
modparam("tls_mgm", "ca_dir", 
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")

modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")

### This is for MS-Teams direct route
modparam("tls_mgm", "server_domain", "dom1.formsteams.com 
")
modparam("tls_mgm", "client_domain", "dom1.formsteams.com 
")
modparam("tls_mgm", "certificate", "[dom1.formsteams.com 
]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem 
")
modparam("tls_mgm", "private_key", "[dom1.formsteams.com 
]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem 
")
modparam("tls_mgm", "ca_list", "[dom1.formsteams.com 
]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem 
")
modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com 
]/etc/letsencrypt/live/dom1.formsteams.com 
")
modparam("tls_mgm", "tls_method", "[dom1.formsteams.com 
]SSLv23")
modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com 
]1")
modparam("tls_mgm", "require_cert", "[dom1.formsteams.com 
]1")

modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")

When i enable the MS-Teams direct route domain i get the below error:
no certificate for tls domain ' dom1.formsteams.com 
 ' defined



Regards,
Jehanzaib


On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu 
mailto:bog...@opensips.org>> wrote:


Hi Jehanzaib,

What are the TLS client domains you have defined in your tls_mgm
module ?

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  
OpenSIPS eBootcamp 23rd May - 3rd June 2022
   https://opensips.org/training/OpenSIPS_eBootcamp_2022/  


On 5/17/22 4:32 PM, Jehanzaib Younis wrote:

Hi,

I am having trouble to send/receive OPTIONS to ms teams.
Using the dispatcher module. The socket is defined
as tls:*mysbcip*:5061
Looks like when my opensips (3.2.x) tries to send OPTIONS. it is
giving me the following error
*
*
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
ERROR:core:tcp_conn_create: failed to do proto 3 specific init
for conn 0x7f00ef2a85a0
ERROR:core:tcp_async_connect: tcp_conn_create failed
ERROR:proto_tls:proto_tls_send: async TCP connect failed
ERROR:tm:msg_send: send() to 52.114.76.76:5061
 for proto tls/3 failed
ERROR:tm:t_uac: attempt to send to
'sip:sip3.pstnhub.microsoft.com:5061;transport:tls'

Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-17 Thread Jehanzaib Younis
Hi Bogdan,
That's the problem, when I try to add the client_domain I get an error.
Actually, I have a working config for webrtc but now I am adding a new
domain for MS teams direct route. In fact, any other domain gives an error.
If I disable MS Teams domain, the opensips do not give an error message and
my webrtc client can connect without any issue.

loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "wolfssl")

 (WebRTC) Client
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
modparam("tls_mgm", "certificate",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
modparam("tls_mgm", "private_key",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
modparam("tls_mgm", "ca_list",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
modparam("tls_mgm", "ca_dir",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")

### This is for MS-Teams direct route
modparam("tls_mgm", "server_domain", "dom1.formsteams.com")
modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
modparam("tls_mgm", "certificate", "[dom1.formsteams.com
]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom1.formsteams.com
]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[dom1.formsteams.com]/etc/letsencrypt/live/
dom1.formsteams.com/fullchain.pem")
modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/
dom1.formsteams.com")
modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")

When i enable the MS-Teams direct route domain i get the below error:
no certificate for tls domain ' dom1.formsteams.com ' defined


Regards,
Jehanzaib


On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu 
wrote:

> Hi Jehanzaib,
>
> What are the TLS client domains you have defined in your tls_mgm module ?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>
> On 5/17/22 4:32 PM, Jehanzaib Younis wrote:
>
> Hi,
>
> I am having trouble to send/receive OPTIONS to ms teams.
> Using the dispatcher module. The socket is defined as tls:*mysbcip*:5061
> Looks like when my opensips (3.2.x) tries to send OPTIONS. it is giving me
> the following error
>
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f00ef2a85a0
> ERROR:core:tcp_async_connect: tcp_conn_create failed
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
> ERROR:tm:t_uac: attempt to send to '
> sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed
>
> I am setting the Contact as 
>
> Looks like the client domain is used for outgoing TLS connection but no
> idea which domain i need to add here. The socket is my opensips ip address.
>
> Has anyone seen a similar kind of behaviour?
>
> Thank you.
>
> Regards,
> Jehanzaib
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-17 Thread Ahmed Rehan
Hello Jehanzeb
You need to add your own domain name as client domain and server domain as
well . There will be two set of entries for tls_mgm , one set of entries
will be client_domain and one set of entries will be for Server_domain

Its flow is like , when an options is sent to MS servers, opensips is
acting as a client , and when a reply is sent from MS servers Opensips will
act as a server for your domain name

hope it clears

On Tue, May 17, 2022 at 6:32 PM Jehanzaib Younis 
wrote:

> Hi,
>
> I am having trouble to send/receive OPTIONS to ms teams.
> Using the dispatcher module. The socket is defined as tls:*mysbcip*:5061
> Looks like when my opensips (3.2.x) tries to send OPTIONS. it is giving me
> the following error
>
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f00ef2a85a0
> ERROR:core:tcp_async_connect: tcp_conn_create failed
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
> ERROR:tm:t_uac: attempt to send to 
> 'sip:sip3.pstnhub.microsoft.com:5061;transport:tls'
> failed
>
> I am setting the Contact as 
>
> Looks like the client domain is used for outgoing TLS connection but no
> idea which domain i need to add here. The socket is my opensips ip address.
>
> Has anyone seen a similar kind of behaviour?
>
> Thank you.
>
> Regards,
> Jehanzaib
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>


-- 
Regards
Ahmed Rehan
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-17 Thread Bogdan-Andrei Iancu

Hi Jehanzaib,

What are the TLS client domains you have defined in your tls_mgm module ?

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS eBootcamp 23rd May - 3rd June 2022
  https://opensips.org/training/OpenSIPS_eBootcamp_2022/

On 5/17/22 4:32 PM, Jehanzaib Younis wrote:

Hi,

I am having trouble to send/receive OPTIONS to ms teams.
Using the dispatcher module. The socket is defined as tls:*mysbcip*:5061
Looks like when my opensips (3.2.x) tries to send OPTIONS. it is 
giving me the following error

*
*
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
conn 0x7f00ef2a85a0

ERROR:core:tcp_async_connect: tcp_conn_create failed
ERROR:proto_tls:proto_tls_send: async TCP connect failed
ERROR:tm:msg_send: send() to 52.114.76.76:5061 
 for proto tls/3 failed
ERROR:tm:t_uac: attempt to send to 
'sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed


I am setting the Contact as 

Looks like the client domain is used for outgoing TLS connection but 
no idea which domain i need to add here. The socket is my opensips ip 
address.


Has anyone seen a similar kind of behaviour?

Thank you.

Regards,
Jehanzaib

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users