1. Certificates must be in any subdir of /etc/opensips/tls/
2. They should be real files, not symlinks.
Check these settings.

On Wed, May 18, 2022 at 11:15 AM Bogdan-Andrei Iancu <bog...@opensips.org> wrote:

> Hi Jehanzaib,
>
> The sequence for the MST TLS domains is wrong.
>
> For each TLS domain block, you need to start only with a server_domain or
> client_domain - of course, different names. And for each domain you need
> to set the matching conditions. See
> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param
>
> Basically something like:
>
> modparam("tls_mgm", "server_domain", "formsteams_server")
> modparam("tls_mgm", "match_ip_address", "[formsteams_server]....")
> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]....")
> modparam("tls_mgm", "certificate", "[formsteams_server].....")
> ....
>
>
> modparam("tls_mgm", "client_domain", "formsteams_client")
> modparam("tls_mgm", "match_ip_address", "[formsteams_client]....")
> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]....")
> modparam("tls_mgm", "certificate", "[formsteams_client].....")
> ....
>
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
> https://www.opensips-solutions.com
> OpenSIPS eBootcamp 23rd May - 3rd June 2022
> https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>
> On 5/18/22 2:38 AM, Jehanzaib Younis wrote:
>
> Hi Bogdan,
> That's the problem, when I try to add the client_domain I get an error.
> Actually, I have a working config for webrtc but now I am adding a new
> domain for MS teams direct route. In fact, any other domain gives an error.
> If I disable MS Teams domain, the opensips do not give an error message and
> my webrtc client can connect without any issue.
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_library", "wolfssl")
>
> #### (WebRTC) Client
> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
> modparam("tls_mgm", "certificate", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
> modparam("tls_mgm", "private_key", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
> modparam("tls_mgm", "ca_list", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
> modparam("tls_mgm", "ca_dir", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
>
> ### This is for MS-Teams direct route
> modparam("tls_mgm", "server_domain", "dom1.formsteams.com")
> modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
> modparam("tls_mgm", "certificate", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
> modparam("tls_mgm", "private_key", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com")
> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
> When I enable the MS-Teams direct route domain I get the below error:
> no certificate for tls domain ' dom1.formsteams.com ' defined
>
>
> Regards,
> Jehanzaib
>
>
> On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu <bog...@opensips.org> wrote:
>
>> Hi Jehanzaib,
>>
>> What are the TLS client domains you have defined in your tls_mgm module?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>> https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>> https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>>
>> On 5/17/22 4:32 PM, Jehanzaib Younis wrote:
>>
>> Hi,
>>
>> I am having trouble to send/receive OPTIONS to ms teams.
>> Using the dispatcher module. The socket is defined as tls:*mysbcip*:5061
>> Looks like when my opensips (3.2.x) tries to send OPTIONS, it is giving
>> me the following error
>>
>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
>> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f00ef2a85a0
>> ERROR:core:tcp_async_connect: tcp_conn_create failed
>> ERROR:proto_tls:proto_tls_send: async TCP connect failed
>> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
>> ERROR:tm:t_uac: attempt to send to 'sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed
>>
>> I am setting the Contact as <sip:mytlsdomain:5061;transport=tls>
>>
>> Looks like the client domain is used for outgoing TLS connection but no
>> idea which domain I need to add here. The socket is my opensips ip address.
>>
>> Has anyone seen a similar kind of behaviour?
>>
>> Thank you.
>>
>> Regards,
>> Jehanzaib
>>
>> _______________________________________________
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>

--
Regards
Ahmed Rehan
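
The domain layout recommended in the quoted reply (each block opened by a uniquely named server_domain or client_domain, with its own certificate and match conditions) can be checked mechanically before restarting the proxy. The Python linter below is an added example, not part of the original thread or of OpenSIPS; the helper name, the finding strings and both sample configurations are constructed for illustration.

```python
import re

# modparam("tls_mgm", "<param>", "<value>"); \s* also spans mail-wrapped lines
MODPARAM = re.compile(r'modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
SCOPED = re.compile(r'^\[([^\]]*)\](.*)$', re.S)  # "[domain]value"

def lint_tls_domains(config_text):
    """Return (domain, problem) findings for tls_mgm domain blocks (hypothetical helper)."""
    kinds, params, findings = {}, {}, []
    for param, value in MODPARAM.findall(config_text):
        if param in ("server_domain", "client_domain"):
            kinds.setdefault(value, set()).add(param)
            continue
        scoped = SCOPED.match(value)
        if not scoped:
            continue  # global parameter such as tls_library
        name = scoped.group(1)
        if name != name.strip():
            findings.append((name, "whitespace inside [domain] prefix"))
        name = name.strip()
        if name not in kinds:
            findings.append((name, f"{param} refers to an undefined domain"))
        params.setdefault(name, set()).add(param)
    for name, declared in kinds.items():
        have = params.get(name, set())
        if len(declared) == 2:
            findings.append((name, "same name used for server_domain and client_domain"))
        if "certificate" not in have:
            findings.append((name, "no certificate parameter"))
        if not have & {"match_ip_address", "match_sip_domain"}:
            findings.append((name, "no explicit match condition"))
    return findings

# Constructed sample repeating the layout that failed in the thread.
BAD = '''
modparam("tls_mgm", "server_domain", "teams.example.test")
modparam("tls_mgm", "client_domain", "teams.example.test")
modparam("tls_mgm", "certificate", "[teams.example.test]/etc/opensips/tls/teams/cert.pem")
'''
# Constructed sample following the layout suggested in the quoted reply.
GOOD = '''
modparam("tls_mgm", "server_domain", "teams_server")
modparam("tls_mgm", "match_ip_address", "[teams_server]192.0.2.10:5061")
modparam("tls_mgm", "certificate", "[teams_server]/etc/opensips/tls/teams/cert.pem")
modparam("tls_mgm", "client_domain", "teams_client")
modparam("tls_mgm", "match_sip_domain", "[teams_client]sip.example.test")
modparam("tls_mgm", "certificate", "[teams_client]/etc/opensips/tls/teams/cert.pem")
'''
print(lint_tls_domains(BAD), lint_tls_domains(GOOD))
```

The linter only inspects the text of the script; it does not open the certificate files, so path and symlink checks still have to be done on the host.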