Hello, I tried to change this option, change from self-signed to true certificate, change the listeners and even change the DRouting module to Dispatcher.
Microsoft's documentation says that an SBC must send a packet to them, so they will answer back and will send an OPTIONS packet as soon as the TLS connection was made successfully. So, when I send the first packet, I will act as a client TLS user. I thought the 'client domain' part in the module configuration was the problem. But even changing the 'server' part too, the result was the same.

/usr/sbin/opensips[676690]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one, async = 1
/usr/sbin/opensips[676690]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
/usr/sbin/opensips[676690]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
/usr/sbin/opensips[676690]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 5
/usr/sbin/opensips[676681]: WARNING:core:utimer_ticker: utimer task <tm-utimer> already scheduled 100 ms ago (now 35900 ms), delaying execution
/usr/sbin/opensips[676690]: DBG:core:tcp_async_connect: Polling is overdue
/usr/sbin/opensips[676690]: DBG:core:tcp_async_connect: Create connection for async connect
/usr/sbin/opensips[676690]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.32.169
/usr/sbin/opensips[676690]: DBG:core:tcpconn_new: on port 5061, proto 3
/usr/sbin/opensips[676690]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
/usr/sbin/opensips[676690]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f027cb1d070
/usr/sbin/opensips[676690]: DBG:core:tcpconn_destroy: delaying (0x7f027cb1d070, flags 0018) ref = -1 ...
/usr/sbin/opensips[676690]: ERROR:core:tcp_async_connect: tcp_conn_create failed
/usr/sbin/opensips[676690]: ERROR:proto_tls:proto_tls_send: async TCP connect failed

Thank you for your help.

Regards,

On Mon, Mar 10, 2025 at 4:33 AM Bogdan-Andrei Iancu <[email protected]> wrote:

> Hi,
>
> For the incoming TLS connections, the right TLS server domain is selected
> based either on the IP address (of OpenSIPS's listener) or on the SIP
> domain (if SNI is used).
>
> So, maybe SNI is not used in your case, so you should define a
> match_ip_address:
>
> https://opensips.org/html/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
> https://www.opensips-solutions.com
> https://www.siphub.com
>
> On 07.03.2025 23:10, Thiago Lopes via Users wrote:
>
> Hi everyone,
>
> I'm trying to integrate Ms Teams and Opensips and I'm having some
> problems.
>
> I tried to use self-signed and Letsencrypt certificates, with no success.
> I always receive a 'no TLS client domain found'.
>
> /usr/sbin/opensips[505412]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> /usr/sbin/opensips[505412]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f7220f343b0
> /usr/sbin/opensips[505412]: ERROR:core:tcp_async_connect: tcp_conn_create failed
>
> Here is my opensips.cfg:
>
> loadmodule "tls_mgm.so"
>
> /*#first the server domain */
> modparam("tls_mgm", "server_domain", "default")
> modparam("tls_mgm", "certificate", "[default]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem")
> modparam("tls_mgm", "private_key", "[default]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[default]/etc/letsencrypt/live/sbc.mydomain.com/inter.pem")
> modparam("tls_mgm", "match_sip_domain", "[default]sbc.mydomain.com")
> modparam("tls_mgm", "verify_cert", "[default]0")
> #modparam("tls_mgm", "require_cert", "[default]1")
> #modparam("tls_mgm", "ciphers_list", "[default]AES128-SHA256:AES256-SHA")
> modparam("tls_mgm", "tls_method", "[default]SSLv23")
>
> # #and the client domain
>
> modparam("tls_mgm", "client_domain", "client")
> modparam("tls_mgm", "certificate", "[client]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem")
> modparam("tls_mgm", "private_key", "[client]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[client]/etc/letsencrypt/live/sbc.mydomain.com/inter.pem")
> #modparam("tls_mgm", "ca_dir", "[client]/etc/letsencrypt/live/sbc.mydomain.com/")
> modparam("tls_mgm", "match_sip_domain", "[client]sbc.mydomain.com")
>
> modparam("tls_mgm", "verify_cert", "[client]0")
> # modparam("tls_mgm", "require_cert", "[client]1")
> # modparam("tls_mgm", "ciphers_list", "[client]AES128-SHA256:AES256-SHA")
> modparam("tls_mgm", "tls_method", "[client]SSLv23")
>
> I also changed the certificates, using self-signed in "server domain" only
> or "client domain" only. Same result.
>
> Using openssl to verify the certificates, I receive an OK in the console:
>
> fullchain.pem: OK
>
> The inter.pem is the file with the root and intermediate Letsencrypt
> certificates.
>
> On the Ms Teams side, I checked the FQDN used, checked the firewall ports
> etc.
>
> I followed this tutorial:
> https://blog.opensips.org/2019/09/16/opensips-as-ms-teams-sbc/ , so I'm
> using the Dynamic Routing module to send the OPTIONS packet. Opensips
> starts the communication using TLS, I see the packets using TLS on port
> 5061, but when Opensips will answer, this message appears on the console
> and the connection is closed.
>
> /usr/sbin/opensips[505398]: ERROR:tm:t_uac: attempt to send to 'sip:sip.pstnhub.microsoft.com' failed
> /usr/sbin/opensips[505398]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> /usr/sbin/opensips[505398]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f7220f4df40
>
> What am I not seeing? Did someone pass through this problem?
> Best regards
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
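The match_ip_address rule from Bogdan's reply, written out for both domain types as an added example (not part of the thread, and not confirmed there as the fix): for a server domain the rule is compared with the local listener, for a client domain with the destination of the outgoing connection. The listener address 203.0.113.10 and the CA bundle path are placeholders, and it is an assumption here that the client domain in the original post is never selected for the outbound OPTIONS because it carries only a match_sip_domain rule.

```cfg
loadmodule "tls_mgm.so"

# Server domain: picked for inbound TLS by the listener's IP:port,
# so selection no longer depends on the peer sending SNI.
# 203.0.113.10 is a placeholder for the SBC's own TLS listener.
modparam("tls_mgm", "server_domain", "default")
modparam("tls_mgm", "match_ip_address", "[default]203.0.113.10:5061")
modparam("tls_mgm", "certificate", "[default]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem")
modparam("tls_mgm", "private_key", "[default]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem")
# Placeholder bundle: it must hold the roots that sign the peer's
# certificate, which the Let's Encrypt chain of the SBC's own
# certificate does not necessarily cover.
modparam("tls_mgm", "ca_list", "[default]/etc/ssl/certs/ca-certificates.crt")
# Check any certificate the peer presents instead of disabling verification.
modparam("tls_mgm", "verify_cert", "[default]1")

# Client domain: picked for outbound TLS by destination IP:port.
# "*" matches every destination, which is acceptable only when this
# instance opens TLS connections to a single trusted peer group;
# otherwise list the destination addresses explicitly.
modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "match_ip_address", "[client]*")
modparam("tls_mgm", "certificate", "[client]/etc/letsencrypt/live/sbc.mydomain.com/fullchain.pem")
modparam("tls_mgm", "private_key", "[client]/etc/letsencrypt/live/sbc.mydomain.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[client]/etc/ssl/certs/ca-certificates.crt")
# Verify the remote server certificate on outbound connections; with 0
# the SBC would accept any certificate from whoever answers on 5061.
modparam("tls_mgm", "verify_cert", "[client]1")
```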
