Hi,
are you sure the Kamailio tls module is on your system? Check the module
path for tls.so like this or if you have build it from source?
rpm -ql kamailio-tls
/usr/lib64/kamailio/modules/auth_identity.so
/usr/lib64/kamailio/modules/tls.so
/usr/lib64/kamailio/openssl_mutex_shared
/usr/lib64/kamailio/openssl_mutex_shared/openssl_mutex_shared.so
/usr/share/doc/kamailio/modules/README.auth_identity
/usr/share/doc/kamailio/modules/README.tls
Christopher Vincent <c...@redwoodtech.com> schrieb am Fr., 18. März 2022,
12:37:
> Hi,
>
>
>
> Kamailio / RTPEngine was set up on CentOS 8 running SIP to SIPS and RTP to
> SDES SRTP conversion. This worked as expected
>
>
>
> Attempted to duplicate the setup on RHEL but errors were seen. These
> errors were present on both RHEL 7 / RHEL 8.
>
>
>
> The errors seen were as below
>
>
>
> kamailio -c
>
> loading modules under config path: /usr/lib64/kamailio/modules/
>
> 0(9165) ERROR: tls [tls_init.c:611]: tls_pre_init(): Unable to set the
> memory allocation functions
>
> 0(9165) ERROR: tls [tls_init.c:613]: tls_pre_init(): libssl current mem
> functions - m: 0x7f7a77c367a0 r: 0x7f7a77c367f0 f: 0x7f7a77c36770
>
> 0(9165) ERROR: tls [tls_init.c:615]: tls_pre_init(): module mem functions
> - m: 0x7f7a72db7653 r: 0x7f7a72db769f f: 0x7f7a72db76fc
>
> 0(9165) ERROR: tls [tls_init.c:617]: tls_pre_init(): Be sure tls module is
> loaded before any other module using libssl (can be loaded first to be safe)
>
> 0(9165) ERROR: <core> [core/sr_module.c:590]: load_module():
> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>
> 0(9165) CRITICAL: <core> [core/cfg.y:3683]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 137, column 12-19: failed to
> load module
>
> 0(9165) INFO: pv [pv_shv.c:60]: shvar_init_locks(): locks array size 16
>
> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
> module matching <tls> found
>
> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 249, column 72: Can't set
> module parameter
>
> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
> module matching <tls> found
>
> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 250, column 72: Can't set
> module parameter
>
> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
> module matching <tls> found
>
> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 251, column 68: Can't set
> module parameter
>
> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
> module matching <tls> found
>
> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
> config file /etc/kamailio/kamailio.cfg, line 256, column 39: Can't set
> module parameter
>
> ERROR: bad config file (5 errors) (parsing code: 0)
>
> 0(9165) INFO: <core> [core/sctp_core.c:53]: sctp_core_destroy(): SCTP API
> not initialized
>
>
>
>
>
>
>
>
>
>
>
> The kamailio config was exactly the same as on the CentOS systems and
> started as below
>
>
>
> /* Server ports: */
>
> #!substdef "!SIP_PORT!5060!g"
>
> #!substdef "!SIPS_PORT!5061!g"
>
>
>
> /* Listen addresses */
>
> #!substdef "!UDP_LOCAL_ADDR!udp:SERVER_IP_ADDR:SIP_PORT!g"
>
> #!substdef "!TCP_LOCAL_ADDR!tcp:SERVER_IP_ADDR:SIPS_PORT!g"
>
>
>
> /* Server connections: */
>
> #!ifndef MAX_CONNECTIONS
>
> #!define MAX_CONNECTIONS 8192
>
> #!endif
>
>
>
>
>
> ##!define WITH_DEBUG
>
>
>
> /* Transaction and branch flags:
>
> FLT_ - per transaction (message) flags
>
> FLB_ - per branch flags
>
> */
>
> #!define FLT_ACC 1
>
> #!define FLT_ACCMISSED 2
>
> #!define FLT_ACCFAILED 3
>
> #!define FLT_NATS 5
>
> #!define FLT_OUT 8
>
> #!define FLB_NATB 6
>
> #!define FLB_NATSIPPING 7
>
>
>
> #!define KAMAILIODBURL1 "mysql://kamailio:kamailiorw@localhost/kamailio"
>
>
>
> #!define WITH_TLS
>
> enable_tls=1
>
> listen=tls:<ipaddr>:5062
>
>
>
> ####### Global Parameters #########
>
> ### LOG Levels: ALERT=-5, BUG=-4, CRIT=-3, ERR=-1, WARN=0, NOTICE=1,
> INFO=2, DBG=3
>
> #!ifdef WITH_DEBUG
>
> debug=4
>
> log_stderror=no
>
> #!else
>
> debug=2
>
> log_stderror=no
>
> #!endif
>
>
>
> memdbg=5
>
> memlog=5
>
>
>
> log_facility=LOG_LOCAL0
>
>
>
> /* display memory usage on exit */
>
> mem_summary=15
>
>
>
> /* join free memory fragments */
>
> mem_join=1
>
>
>
> /* proxy will fork and run in daemon mode */
>
> /* one process will be created for each network interface the proxy
> listens to and for each protocol (TCP/UDP), multiplied with the value of
> 'children' parameter */
>
> fork=yes
>
> children=8
>
>
>
> listen=TCP_LOCAL_ADDR
>
> listen=UDP_LOCAL_ADDR
>
>
>
> /* life time of TCP connection when there is no traffic
>
> - a bit higher than registration expires to cope with UA behind NAT */
>
> tcp_connection_lifetime=3605
>
>
>
> /* sip over websockets may not specify a content length header */
>
> tcp_accept_no_cl=yes
>
>
>
> /* buffer size used for tcp reads, limits the maximum message size (SIP,
> HTTP) that can be received over tcp */
>
> tcp_rd_buf_size=65536
>
>
>
> /* max number of tcp connections */
>
> tcp_max_connections=MAX_CONNECTIONS
>
>
>
>
>
> ####### Modules Section ########
>
>
>
> # set paths to location of modules
>
> mpath="/usr/lib64/kamailio/modules/"
>
>
>
> loadmodule "jsonrpcs.so"
>
> loadmodule "db_mysql.so"
>
> loadmodule "kex.so"
>
> loadmodule "corex.so"
>
> loadmodule "tm.so"
>
> loadmodule "tmx.so"
>
> loadmodule "rr.so"
>
> loadmodule "pv.so"
>
> loadmodule "maxfwd.so"
>
> loadmodule "usrloc.so"
>
> loadmodule "registrar.so"
>
> loadmodule "textops.so"
>
> loadmodule "siputils.so"
>
> loadmodule "xlog.so"
>
> loadmodule "sanity.so"
>
> loadmodule "ctl.so"
>
> loadmodule "cfg_rpc.so"
>
> loadmodule "acc.so"
>
> loadmodule "dispatcher.so"
>
> loadmodule "cfgutils.so"
>
> loadmodule "textopsx.so"
>
> loadmodule "nathelper.so"
>
>
>
> loadmodule "uac.so"
>
> loadmodule "ipops.so"
>
> loadmodule "debugger.so"
>
> loadmodule "exec.so"
>
> loadmodule "avpops.so"
>
> loadmodule "sqlops.so"
>
> loadmodule "rtpengine.so"
>
>
>
> loadmodule "sl.so"
>
> loadmodule "tls.so"
>
>
>
>
>
>
>
> # ----------------- setting module-specific parameters ---------------
>
>
>
> # ----- usrloc params -----
>
> # store contacts in memory only
>
> modparam("usrloc", "db_mode", 0)
>
> # hash size of 16,384
>
> modparam("usrloc", "hash_size", 14)
>
> # removes contact if ws disconnects
>
> modparam("usrloc", "handle_lost_tcp", 1)
>
> modparam("tm|usrloc", "xavp_contact", "ulattrs")
>
>
>
>
>
> # ----- jsonrpcs params -----
>
> modparam("jsonrpcs", "fifo_name", "/tmp/kamailio_jsonrpc.fifo")
>
> modparam("jsonrpcs", "dgram_socket", "/tmp/kamailio_rpc.sock")
>
>
>
>
>
> # ----- tm params -----
>
> # auto-discard branches from previous serial forking leg
>
> modparam("tm", "failure_reply_mode", 3)
>
> # default retransmission timeout: 30sec
>
> modparam("tm", "fr_timer", 30000)
>
> #default invite retransmission timeout after 1xx: 120sec
>
> modparam("tm", "fr_inv_timer", 120000)
>
>
>
>
>
> # ----- rr params -----
>
> # set next param to 1 to add value to ;lr param (helps with some UAs)
>
> modparam("rr", "enable_full_lr", 0)
>
> # do not append from tag to the RR (no need for this script)
>
> modparam("rr", "append_fromtag", 0)
>
>
>
>
>
> # ----- uac params -----
>
> modparam("uac", "restore_mode", "none")
>
>
>
>
>
> # ----- registrar params -----
>
> modparam("registrar", "method_filtering", 1)
>
> modparam("registrar", "max_contacts", 1)
>
> # max value for expires of registrations
>
> modparam("registrar", "max_expires", 3600)
>
> # disable GRUU
>
> modparam("registrar", "gruu_enabled", 0)
>
>
>
>
>
> # ----- acc params -----
>
> /* what special events should be accounted? */
>
> modparam("acc", "early_media", 0)
>
> modparam("acc", "report_ack", 0)
>
> modparam("acc", "report_cancels", 0)
>
> /* by default ww do not adjust the direction of the sequential requests.
>
> if you enable this parameter, be sure the enable "append_fromtag"
>
> in "rr" module */
>
> modparam("acc", "detect_direction", 0)
>
> /* account triggers (flags) */
>
> modparam("acc", "log_flag", FLT_ACC)
>
> modparam("acc", "log_missed_flag", FLT_ACCMISSED)
>
> modparam("acc", "log_extra",
> "src_user=$fU;src_domain=$fd;src_ip=$si;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>
> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
>
>
>
>
>
> # ----- dispatcher params -----
>
> modparam("dispatcher", "db_url", KAMAILIODBURL1)
>
> modparam("dispatcher", "flags", 2)
>
> modparam("dispatcher", "ds_ping_method", "OPTIONS")
>
> modparam("dispatcher", "ds_ping_from", "sip:<address>.com")
>
>
>
> modparam("dispatcher", "ds_ping_interval", 5)
>
> modparam("dispatcher", "ds_probing_threshold", 1)
>
> modparam("dispatcher", "ds_inactive_threshold", 1)
>
> modparam("dispatcher", "ds_probing_mode", 3)
>
>
>
>
>
> # ----- pv params -----
>
> modparam("pv", "shvset", "maintenance=i:0")
>
> modparam("pv", "shvset", "virtualIP1=i:0")
>
> modparam("pv", "shvset", "virtualIP2=i:0")
>
>
>
>
>
> # ----- nathelper params -----
>
> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
>
> # Note: leaving NAT pings turned off here as nathelper is only being used
> for
>
> # WebSocket connections. NAT pings are not needed as WebSockets have
>
> # their own keep-alives.
>
>
>
>
>
> # ----- rtpengine params -----
>
> modparam("rtpengine", "rtpengine_sock", "udp:localhost:2223")
>
>
>
> modparam("rtpengine", "rtpengine_sock", "udp:localhost:2223")
>
> #modparam("rtpengine", "write_sdp_pv", "$avp(sdp)")
>
>
>
>
>
> #modparam("rtpengine", "force_send_interface", SERVER_IP_ADDR)
>
> #modparam("rtpengine", "setid_default", -1)
>
> #modparam("rtpengine", "rtp_inst_pvar", "$avp(RTPENGINE)")
>
> #modparam("rtpengine", "rtpengine_retr", 5)
>
> #modparam("rtpengine", "queried_nodes_limit", 5)
>
> #modparam("rtpengine", "rtpengine_allow_op", 1)
>
> #modparam("rtpengine", "hash_table_size", MAX_CONNECTIONS)
>
> #modparam("rtpengine", "hash_table_tout", 7200)
>
>
>
>
>
> modparam("tls", "private_key", "<cert path>")
>
> modparam("tls", "certificate", "<cert path>")
>
> modparam("tls", "ca_list", "<cert path>")
>
>
>
> # modparam("tls", "ca_list", "<cert path>")
>
>
>
> modparam("tls", "tls_method", "TLSv1+")
>
>
>
>
>
> ####### Routing Logic ########
>
>
>
>
>
>
>
> If load module lines for TLS are move to near the top of the config file,
> config will parse and non-SIPS calls will work
>
> loadmodule "sl.so"
>
> loadmodule "tls.so"
>
>
>
> But logs will show
>
> WARNING: <core> [main.c:2985]: main(): tls support enabled, but no tls
> engine available (forgot to load the tls module?)
>
> WARNING: <core> [main.c:2987]: main(): disabling tls...
>
>
>
> Presumably loading the module before configuring it just gives it default
> values so the latter config is ignored
>
>
>
>
>
>
>
> Any advice on the matter would be appreciated
>
>
>
>
>
> Thanks in advance,
>
> Chris
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
