Hi,

For the incoming TLS connections, the right TLS server domain is selected based either on the IP address (of OpenSIPS's listener) or on the SIP domain (if SNI is used).

So, maybe SNI is not used in your case, so you should define a match_ip_address:
https://opensips.org/html/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
  https://www.siphub.com

On 07.03.2025 23:10, Thiago Lopes via Users wrote:
Hi everyone,

I'm trying to integrate Ms Teams and Opensips and I'm having some problems.

I tried to use self-signed and Letsencrypt certificates, with no success. I always receive a 'no TLS client domain found'.

/usr/sbin/opensips[505412]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
/usr/sbin/opensips[505412]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f7220f343b0
/usr/sbin/opensips[505412]: ERROR:core:tcp_async_connect: tcp_conn_create failed

Here my opensips.cfg:

loadmodule "tls_mgm.so"

/*#first the  server domain */
modparam("tls_mgm", "server_domain", "default")
modparam("tls_mgm", "certificate", "[default]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem")
modparam("tls_mgm", "private_key", "[default]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[default]/etc/letsencrypt/live/sbc.mydomain.com/inter.pem")
modparam("tls_mgm", "match_sip_domain", "[default]sbc.mydomain.com")
modparam("tls_mgm", "verify_cert", "[default]0")
#modparam("tls_mgm", "require_cert", "[default]1")
#modparam("tls_mgm", "ciphers_list", "[default]AES128-SHA256:AES256-SHA")
modparam("tls_mgm", "tls_method", "[default]SSLv23")


 # #and the client domain
modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "certificate", "[client]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem")
modparam("tls_mgm", "private_key", "[client]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[client]/etc/letsencrypt/live/sbc.mydomain.com/inter.pem")
#modparam("tls_mgm", "ca_dir", "[client]/etc/letsencrypt/live/sbc.mydomain.com/")
modparam("tls_mgm", "match_sip_domain", "[client]sbc.mydomain.com")

modparam("tls_mgm", "verify_cert", "[client]0")
 # modparam("tls_mgm", "require_cert", "[client]1")
 # modparam("tls_mgm", "ciphers_list", "[client]AES128-SHA256:AES256-SHA")
modparam("tls_mgm", "tls_method", "[client]SSLv23")

I also changed the certificates, using self signed in "server domain" only or "client domain" only. Same result.

Using openssl to verify the certificates, I receive an OK in the console:

fullchain.pem: OK

The inter.pem is the file with the root and intermediate Letsencrypt certificates.

On the Ms Teams side, I checked the FQDN used, checked the firewall ports etc.

I followed this tutorial: https://blog.opensips.org/2019/09/16/opensips-as-ms-teams-sbc/ , so I'm using the Dynamic Routing module to send the OPTIONS packet. OpenSIPS starts the communication using TLS, and I see the TLS packets on port 5061, but when OpenSIPS answers, this message appears on the console and the connection is closed.

/usr/sbin/opensips[505398]: ERROR:tm:t_uac: attempt to send to 'sip:sip.pstnhub.microsoft.com' failed
/usr/sbin/opensips[505398]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
/usr/sbin/opensips[505398]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f7220f4df40

What am I not seeing? Has anyone run into this problem?
Best regards

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
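
An added example, not part of the original thread and not OpenSIPS code: a small Python check that parses tls_mgm modparam lines and reports domains that set match_sip_domain without a match_ip_address (the case the reply describes) and domains with verify_cert set to 0. The sample configuration is constructed from the one quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on the configuration quoted in this thread.
SAMPLE_CFG = '''
modparam("tls_mgm", "server_domain", "default")
modparam("tls_mgm", "match_sip_domain", "[default]sbc.mydomain.com")
modparam("tls_mgm", "verify_cert", "[default]0")
modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "match_sip_domain", "[client]sbc.mydomain.com")
modparam("tls_mgm", "verify_cert", "[client]0")
#modparam("tls_mgm", "require_cert", "[client]1")
'''

# One modparam per line is assumed; commented-out lines do not match.
MODPARAM = re.compile(r'^\s*modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
SCOPED = re.compile(r'^\[([^\]]+)\](.*)$')  # "[domain]value"

def parse_tls_domains(cfg_text):
    """Return {domain: {"kind": "server" or "client", param: value, ...}}."""
    domains = defaultdict(dict)
    for line in cfg_text.splitlines():
        m = MODPARAM.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name in ("server_domain", "client_domain"):
            domains[value]["kind"] = name.split("_")[0]
            continue
        scoped = SCOPED.match(value)
        if scoped:
            domains[scoped.group(1)][name] = scoped.group(2).strip()
    return dict(domains)

def audit(cfg_text):
    """Return sorted (domain, finding) pairs for the two checks."""
    findings = []
    for dom, p in parse_tls_domains(cfg_text).items():
        if "match_sip_domain" in p and "match_ip_address" not in p:
            findings.append((dom, "matched by SIP domain only; no match_ip_address"))
        if p.get("verify_cert") == "0":
            findings.append((dom, "verify_cert=0: peer certificate is not verified"))
    return sorted(findings)

if __name__ == "__main__":
    for dom, finding in audit(SAMPLE_CFG):
        print(f"[{dom}] {finding}")
```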