Hi Matt,
You mean the force_send_socket() you do for the initial INVITE ? or ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 03.09.2015 17:19, Matt Hamilton wrote:
Hi Bogdan,
This issue is seems to be related to force_send_socket which behaves
differently in 1.11 vs 1.7. To make it work, I had to explicitly
specify the port and and the proto (for force_send_socket) based on
"transport=tls" statement and the direction of the traffic.
Matt
------------------------------------------------------------------------
*From:* Bogdan-Andrei Iancu <bog...@opensips.org>
*Sent:* Monday, August 31, 2015 4:19 PM
*To:* OpenSIPS users mailling list; Matt Hamilton
*Subject:* Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5
Hi Matt,
Indeed, the SIP messages do look ok.
Could you post the OpenSIPS logs (in debug 4) for processing the
NOTIFY request ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 31.08.2015 20:07, Matt Hamilton wrote:
Hi Bogdan,
Pastebin link is http://pastebin.com/tM7zqTKX
I included both 1.7.1 and 1.11 captures. I don't see a difference
between them other than 1.11 sending the NOTIFY to UAC unencrypted.
Btw, INVITEs seems to be behaving the same way as NOTIFY (don't have
a capture for those - I assume the issue is the same).
Btw, TLS works fine between Opensips 1.11 and the phone (OK messages,
etc. are encrypted).
Thanks,
Matt
<http://pastebin.com/tM7zqTKX>
Opensips TLS - Pastebin.com
Read more... <http://pastebin.com/tM7zqTKX>
------------------------------------------------------------------------
*From:* Bogdan-Andrei Iancu <bog...@opensips.org>
*Sent:* Monday, August 31, 2015 5:21 AM
*To:* OpenSIPS users mailling list; mistral9...@hotmail.com
*Subject:* Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5
Hi Matt,
Can you post of pastebin (or similar) the SIP capture showing the
incoming NOTIFY (via UDP) from Asterisk and the outgoing NOTIFY
(supposedly via TLS) to UAC ?
Also the SUBSCRIBE request going from OpenSIPS to Asterisk will help
alot.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 30.08.2015 18:22, Matt Hamilton wrote:
We use Opensips (with TLS) as a dispatcher to multiple Asterisk
servers. Currently we are in the process of upgrading from 1.7.1 to
1.11.5, and we ran into a discrepancy between 1.7.1 and 1.11.5
regarding SIP NOTIFY messages.
Here is the flow (both ways):
UAC (TLS) -> Opensips (UDP)-> Asterisk
Asterisk (UDP) -> Opensips (TLS)-> UAC
In 1.7.1, all messages between Opensips and UAC were encrypted -
didn't matter if it was originated at UAC or Asterisk.
In 1.11.5, the SIP NOTIFY messages coming from Asterisk are sent to
UAC unencrypted (and not accepted by UAC). Here is the request that
Opensips receives and sends to the UAC in plaintext:
Request-Line: NOTIFY sip:101@1.2.3.4:5075;transport=tls;nat=yes SIP/2.0
Anything we can do to have that leg encrypted as well?
Thanks,
Matt
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users