Asterisk 1.8.7 with TLS SIP Trunk to ACME Packet SBC


#1

Hi All,

We have registered TLS SIP Trunk to ACME Packet SBC. Trunk register final and outgoing calls are working from Asterisk to ACME.

The problem is with incoming calls from ACME towards Asterisk, all of them fail with the error “Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)”

We did a tcpdump and analyzed in Wireshark what happens. After ACME receives the Registration message from Asterisk it brings the TLS tunnel up and tries to reuse it all the time. So when ACME needs to send the INVITE to Asterisk it doesn’t include the TLSv1 negotiation thinking that the tunnel is already up.

We got the response from ACME TAC support that it’s a client responsibility to maintain the tunnel negotiation and SBC will never do this on it’s own. This is probably true since standalone endpoints with TLS work both directions (Polycom, Cisco SPA, etc).

So when Asterisk is acting as SIP TLS client it expects the TLS negotiated on any NEW dialog either direction.

We are stuck here. Any thoughts would be greatly appreciated.


#2

Hi Klondike,

Any luck with finding a solution to this?
I am trying to setup a tls trunk to MS Exchange 2010, and I get a similar problem. It works when my transport is tcp, but I get the following when it’s tls.

– Executing [s@macro-dialout-trunk:19] Dial(“SIP/5503-00000024”, “SIP/ExchangeUM/5001,300,”) in new stack
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP VRTP TOS bits 136
== Using SIP VRTP CoS mark 6
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
– Called ExchangeUM/5001

Any ideas? Anyone ?

I did this with Tribox though, I’ll try with asterisk 1.8, just in case tls works there.

Thanks in advance.


#3

6 years later, on Asterisk 15 still the same problem. Is there any solution for this?

BR