Hello Calvin, Thank you for sharing this! This would make for a great tutorial on https://www.kamailio.org/w/documentation/ under the TLS Tutorials section or maybe a new tutorial section for Monitoring. Many would appreciate having this documented there.
-ovidiu On Mon, Jan 29, 2024 at 8:50 PM Calvin E. via sr-users <sr-users@lists.kamailio.org> wrote: > > It turns out the system I was on really uses > /lib/systemd/system/kamailio.service, despite /etc/init.d/kamailio also > existing. > > I was able to make it work by following the Systemd process: > > mkdir /etc/default/kamailio.d/ > edit /etc/default/kamailio.d/voipmonitor > add lines: > SSLKEYLOG_UDP='127.0.0.1:1234' > LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so > /usr/lib/x86_64-linux-gnu/libssl.so.3" > > The keys are captured by the VoIPmonitor sniffer and everything works as > expected from there. I'd be happy to explain further to anyone interested in > this setup. > > On Sun, Jan 28, 2024 at 3:20 AM Sergey Safarov <s.safa...@gmail.com> wrote: >> >> You can check this PR >> https://github.com/kamailio/kamailio/pull/2785 >> >> On Fri, Jan 26, 2024 at 8:58 PM Calvin E. via sr-users >> <sr-users@lists.kamailio.org> wrote: >>> >>> I've been tasked to use LD_PRELOAD to log SSL keys for TLS connections >>> using a Diffie-Hellman cipher. The first attempt did not work, so I wanted >>> to sanity check whether Kamailio's TLS support is built in such a way that >>> would defeat LD_PRELOAD. >>> >>> The instructions from the vendor are to update /etc/init.d/kamailio like >>> this: >>> >>> env SSLKEYLOG_UDP='127.0.0.1:1234' >>> LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so >>> /usr/lib/x86_64-linux-gnu/libssl.so.3" \ >>> start-stop-daemon --start --quiet --pidfile $PIDFILE \ >>> --exec $DAEMON -- $OPTIONS || log_failure_msg " already >>> running" >>> >>> Is there anything special in Kamailio (5.7.3 on Debian 12) that would >>> prevent this from working? Not necessarily something to defeat a keylogger, >>> but maybe the way tls.so gets loaded? >>> >>> The only discrepancy I've noticed is the vendor docs refer to libssl.so.3 >>> not libssl.so.1, but the vendor said that should be OK. >>> >>> I'd love to hear from someone already using VoIPmonitor with Diffie-Hellman >>> ciphers and Kamailio. >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: -- VoIP Embedded, Inc. http://www.voipembedded.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
