Asterisk TLS configuration Issue

Hi,
I am using Asterisk 13 and am trying to configure TLS in my Asterisk. I am configuring from one Asterisk and trying to connect to another Asterisk [domainname.com]. I generated a self-signed certificate. The following is the configuration I am using:

[general]
tlsenable=yes
tlsbindaddr=0.0.0.0:5061
register =>tls://7001:pass@domainname.com:5061

tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlsdontverifyserver=yes
transport=tls
tlscipher=ALL
tlsclientmethod=tlsv1

[7001]
type=peer
context=default
fromuser=7001
secret=pass
host=domainname.com
port=5061
qualify=yes
username=7001
secret=pass123

I am not able to register peer [7001] with the other Asterisk; it remains unreachable. It's not getting connected to the other Asterisk.

What is the error message?

Note that Asterisk 13 only receives fixes for security vulnerabilities, and chan_sip is community supported and is disabled in the latest version, by default - in practice it is unsupported.

Thanks for your reply!
I have tried the same in Asterisk 16 and am facing the same issue. Do I need to map the host Asterisk certificate file here in the configuration?

This is the error message which I am getting:

ERROR[27903]: tcptls.c:1139 ast_tcptls_client_start: Unable to connect SIP socket to “domainname.com

That sounds like a basic TCP error, not a TLS one.

It works with TCP and UDP transport, but when it comes to TLS it's not getting connected.

I assume that is because there is nothing listening on 5061, so the underlying TCP connection fails to establish.

Thanks for the info, let me check that. I have one more doubt: do I need to map the host Asterisk certificate file here in the configuration?

Hi,

I tried connecting my Asterisk to the other Asterisk (domainname.com) and am facing the following issue:

ERROR[30285]: tcptls.c:753 handle_tcptls_connection: Problem setting up ssl connection with peer ‘13.234.186.81:5060’: error:00000005:lib(0):func(0):DH lib, System call EOF
WARNING[30285]: tcptls.c:845 handle_tcptls_connection: FILE * open failed from peer ‘domainname.com:5060’!

Can you help me in resolving this?

Error 5 seems to be an I/O error. I would guess the other side reset the connection.
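
Added example, not part of the thread and not Asterisk code: a Python probe that separates the two failure classes the replies distinguish, a TCP connect that fails because nothing is listening versus a TLS handshake that the peer cuts off. The names `classify_tls_endpoint`, `hangup_listener` and `unused_port` are hypothetical, and the two local endpoints are constructed stand-ins for the remote server.

```python
import socket
import ssl
import threading

def classify_tls_endpoint(host, port, cafile=None, timeout=3.0):
    """Dial host:port as a TLS client and name the stage that fails."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"          # nothing is listening on that port
    except OSError:
        return "tcp-unreachable"      # DNS failure, timeout, filtered, no route
    # Verification stays on; cafile plays the role tlscafile plays in sip.conf.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host):
            return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-cert-rejected"    # handshake ran, certificate not trusted
    except (ssl.SSLEOFError, ConnectionError):
        return "tls-peer-closed"      # peer hung up or reset mid-handshake
    except socket.timeout:
        return "tls-timeout"          # TCP is up but no TLS reply arrived
    except ssl.SSLError:
        return "tls-protocol-error"   # e.g. a non-TLS service answered

def hangup_listener():
    """Constructed stand-in: accept one connection, read, then close it."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)               # swallow the ClientHello
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Constructed stand-in: a local port with no listener behind it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(classify_tls_endpoint("127.0.0.1", unused_port()))
    print(classify_tls_endpoint("127.0.0.1", hangup_listener()))
```

Run against the real host and port with `cafile` pointing at the CA certificate, a `tcp-refused` result matches the "nothing listening" diagnosis, while `tls-peer-closed` matches a connection the other side dropped during the handshake.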
