forwarding to alias

On Tue, Nov 25, 2014 at 7:09 PM, Kamrul Khan <do...@live.com> wrote:
> Hi,
>
> I have successfully configured Kamailio for WSS support using the below
> instructions. Everything works perfectly except, when a call is hung up
> from the receiving end, Kamailio sends BYE and the browser disconnects
> websocket connection right after getting response from Kamailio with the
> following error message:
>
> Firefox: WebSocket connection to 'ws://localhost:3001/websocket' failed: Invalid frame header
> Chrome: The connection to ws://localhost:3001/websocket was interrupted while the page was loading.
>
> Everything works perfectly over plain websocket (WS). Kamailio is sending
> something with the websocket that the browsers do not like. But I'm not sure
> what it is. If somebody faced same issue before or can give any clue that
> would be really helpful.
>
> Thanks in advance!
>
> ------------------------------
> Date: Fri, 17 Oct 2014 18:33:17 -0700
> From: gascagonz...@gmail.com
> To: sr-users@lists.sip-router.org
> CC: b...@langfeld.me
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> Hi Ben,
>
> In regards to your certificates, please double check the following:
> a) CN field:
> In your webrtc client check the URL used for wss and verify it matches
> the CN field of the certificate installed in kamailio:
> Example:
> In my sipml5 client I configured wss://ramenlabs.io:5063 and my
> certificate in fact contains in the cn field ramenlabs.io
> Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io
>
> openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text
>
> b)
> I have successfully configured Kamailio 4.1 with TLS and WSS using TLS
> port 5063
> Topology:
> 1) sipml5 --wss--> nginx -wss-> kamailio (sip registrar)
> 2) sipml5 --wss---> kamailio
>
> Relevant configurations:
> kamailio.cfg
> tls.cfg
> certificates
>
> Kamailio:
> loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/
>
> Listening on
> udp: 172.31.27.85:5060
> tcp: 172.31.27.85:5060
> tcp: 172.31.27.85:5062
> tls: 172.31.27.85:5061
> * tls: 172.31.27.85:5063*
> Aliases:
> * tls: ip-172-31-27-85.us-west-2.compute.internal:5063*
> tls: ip-172-31-27-85.us-west-2.compute.internal:5061
> tcp: ip-172-31-27-85.us-west-2.compute.internal:5062
> tcp: ip-172-31-27-85.us-west-2.compute.internal:5060
> udp: ip-172-31-27-85.us-west-2.compute.internal:5060
> *: ramenlabs.io:*
> *: 172.31.27.85:*
>
> kamailio.cfg
> tls.cfg
>
> https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg
> https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg
>
> openssl s_client -connect 172.31.27.85:5063 where this is my internal IP
> address I get presented the certificates.
> HTH
>
> -G
>
> On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <do...@live.com> wrote:
>
> ok. I have made some changes.
> rather than getting the TLS configuration from a file I added these lines:
>
> #!ifdef WITH_TLS
> # ----- tls params -----
>
> modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")
> modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")
> modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
>
> now, I'm getting different logs which look good. Getting positive results
> from openssl test,
>
> openssl s_client -connect 192.168.146.133:5061 -tls1
> CONNECTED(00000003)
> ^C
>
> But when I try to connect using my webRTC client or even from web-browsers
> I'm getting timed out. I think I'm close .. please help me fixing this issue.
>
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>: verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client certificate required and no checks performed
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>: verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY present invalid certificate
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)
>
> ------------------------------
> From: do...@live.com
> To: b...@langfeld.me; sr-users@lists.sip-router.org
> Date: Sat, 18 Oct 2014 05:08:20 +0600
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> I didn't find any in my installation directory. Probably it doesn't come
> with standard installation unless you explicitly mention for it... not sure
> though
>
> ------------------------------
> Date: Fri, 17 Oct 2014 19:56:50 -0300
> From: b...@langfeld.co.uk
> To: sr-users@lists.sip-router.org
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> Out of curiosity, why don't you use the pre-built packaged binaries
> instead of building from source?
>
> On 17 October 2014 19:53, Kamrul Khan <do...@live.com> wrote:
>
> Hi,
>
> I'm trying to connect my WebRTC client to kamailio via WSS. I successfully
> connected it via WS but having trouble connecting it via WSS. My first
> issue is I get error messages while I try to compile TLS module (console log
> in the end of the document). But, still it creates tls.so file. So I copied
> the tls.so to my kamailio modules directory and then updated my kamailio
> configuration as below:
>
> #!define WITH_TLS
> .
> .
> listen=tcp:127.0.0.1:5061
> listen=tcp:192.168.146.133:5061
> .
> .
> #!ifdef WITH_TLS
> enable_tls=yes
> #!endif
> .
> .
> #!ifdef WITH_TLS
> # ----- tls params -----
> modparam("tls", "config", "/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
> #!endif
>
> Now, according to this mailing list,
> http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html :
> “*when tls module is installed, a self signed pair of certificate-private key is
> generated in /usr/local/etc/kamailio*”
>
> In my case, I don't even have the /usr/local/etc/kamailio directory. So, I
> followed http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
> to create my certificate and key. And updated my tls.cfg, this is how my
> tls.cfg looks like:
>
> [server:192.168.146.133:5061]
> method = TLSv1
> verify_certificate = no
> require_certificate = no
>
> private_key = /etc/certs/sip.192.168.146.133/key.pem
> certificate = /etc/certs/sip.192.168.146.133/cert.pem
> ca_list = /etc/certs/demoCA/cert.pem
>
> [client:192.168.146.133:5061]
> verify_certificate = yes
> require_certificate = yes
>
> Then I restarted my kamailio server. And I get the following errors in my
> kamailio log:
>
> I'm not sure what wrong I'm doing. Please help me:
>
> Oct 17 15:44:50 ubuntu kamailio: INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling compression...
> Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could not rev. resolve 192.168.146.133
> Oct 17 15:44:50 ubuntu kamailio: message repeated 2 times: [ WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could not rev. resolve 192.168.146.133]
> Oct 17 15:44:50 ubuntu kamailio: INFO: <core> [tcp_main.c:4836]: init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
> Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [daemonize.c:352]: daemonize(): pid file contains old pid, replacing pid
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils [utils.c:288]: mod_init(): forward functionality disabled
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils [utils.c:197]: pres_db_init(): xcap_auth_status function is disabled
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<192.168.146.133:5061>: No listening socket found
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while initializing module tls (/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: : tls [tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback): invalid lock number: 30 (range 0 - 0), called from eng_table.c:227
> Oct 17 15:44:51 ubuntu kamailio: ERROR: <core> [daemonize.c:307]: daemonize(): Main process exited before writing to pipe
>
> tls module compile log
>
> xxx@ubuntu:/usr/local/src/kamailio-4.1/kamailio$ sudo make -C modules/tls
> make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> CC (gcc) [M tls.so] tls_bio.o
> CC (gcc) [M tls.so] tls_cfg.o
> CC (gcc) [M tls.so] tls_config.o
> CC (gcc) [M tls.so] tls_ct_wrq.o
> CC (gcc) [M tls.so] tls_domain.o
> In file included from tls_domain.c:39:0:
> tls_domain.c: In function ‘load_cert’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:506:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_cert:");
> ^
> tls_domain.c: In function ‘load_ca_list’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:536:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_ca_list:");
> ^
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:543:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_ca_list:");
> ^
> tls_domain.c: In function ‘load_crl’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:575:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_crl:");
> ^
> tls_domain.c: In function ‘load_private_key’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:990:5: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_private_key:");
> ^
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:998:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_private_key:");
> ^
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:1005:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("load_private_key:");
> ^
> CC (gcc) [M tls.so] tls_dump_vf.o
> CC (gcc) [M tls.so] tls_init.o
> CC (gcc) [M tls.so] tls_locking.o
> CC (gcc) [M tls.so] tls_mod.o
> CC (gcc) [M tls.so] tls_rpc.o
> CC (gcc) [M tls.so] tls_select.o
> CC (gcc) [M tls.so] tls_server.o
> In file included from tls_server.c:52:0:
> tls_server.c: In function ‘tls_complete_init’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:192:3: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("Failed to create SSL or BIO structure:");
> ^
> tls_server.c: In function ‘tls_shutdown’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:521:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR("SSL error:");
> ^
> tls_server.c: In function ‘tls_encode_f’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:798:5: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR(err_src);
> ^
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:832:5: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR(err_src);
> ^
> tls_server.c: In function ‘tls_read_f’:
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:1186:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR(err_src);
> ^
> tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:1220:4: note: in expansion of macro ‘TLS_ERR’
> TLS_ERR(err_src);
> ^
> CC (gcc) [M tls.so] tls_util.o
> CC (gcc) [M tls.so] tls_verify.o
> LD (gcc) [M tls.so] tls.so
> make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
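The `tls_check_sockets(): TLSs<192.168.146.133:5061>: No listening socket found` error in the quoted log lines up with the configuration posted alongside it: tls.cfg defines `[server:192.168.146.133:5061]`, while kamailio.cfg declares that address and port as `listen=tcp:`. The check below is an added example, not part of the original thread or of Kamailio's code; the function names are hypothetical, the sample inputs are the thread's config lines embedded as constructed strings, and it assumes IPv4 `listen=` lines with an explicit protocol.

```python
import re

# Constructed sample input: the relevant lines as posted in the thread.
KAMAILIO_CFG = """\
#!define WITH_TLS
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
#!ifdef WITH_TLS
enable_tls=yes
#!endif
"""
TLS_CFG = """\
[server:192.168.146.133:5061]
method = TLSv1
verify_certificate = no
require_certificate = no
[client:192.168.146.133:5061]
verify_certificate = yes
require_certificate = yes
"""

# Commented-out lines ("#listen=...") do not match because of the ^\s* anchor.
LISTEN_RE = re.compile(r"^\s*listen\s*=\s*(\w+):([^\s:]+):(\d+)", re.M)
SERVER_RE = re.compile(r"^\s*\[server:([^\]:]+):(\d+)\]", re.M)


def listen_sockets(cfg_text):
    """Return {(addr, port): set_of_protocols} from listen= lines."""
    socks = {}
    for proto, addr, port in LISTEN_RE.findall(cfg_text):
        socks.setdefault((addr, int(port)), set()).add(proto.lower())
    return socks


def unmatched_tls_domains(cfg_text, tls_text):
    """List (addr, port, protocols_found) for [server:ip:port] sections
    in tls.cfg that have no listen=tls: socket in kamailio.cfg."""
    socks = listen_sockets(cfg_text)
    findings = []
    for addr, port in SERVER_RE.findall(tls_text):
        protos = socks.get((addr, int(port)), set())
        if "tls" not in protos:
            findings.append((addr, int(port), sorted(protos)))
    return findings


if __name__ == "__main__":
    for addr, port, protos in unmatched_tls_domains(KAMAILIO_CFG, TLS_CFG):
        have = ", ".join(protos) or "nothing"
        print(f"[server:{addr}:{port}] has no listen=tls: socket (found: {have})")
```

Running the same check against real files before restarting Kamailio catches a TLS domain that would otherwise end up served as plain TCP or fail module initialisation.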