Failed to register an account on Zoiper/Blink with TLS transport

sveen12 · November 15, 2016, 2:20am

i have followed this tutorial:

https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial.

this is my sip_custom.conf file

[general]
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client


[sveen12]
type=friend
secret=root;note that this is NOT a secure password
host=dynamic
context=local
dtmfmode=rfc2833
disallow=all
allow=ulaw
transport=tls
encryption=yes

[david]
type=friend
secret=root;note that this is NOT a secure password
host=dynamic
context=local
dtmfmode=rfc2833
disallow=all
allow=ulaw
transport=tls
encryption=yes

And this is my extensions_custom.conf

[local]
exten => 6001,1,Answer()
exten => 6001,n,Dial(SIP/sveen12,60)
exten => 6001,n,VoiceMail(sveen12@main)
exten => 6001,n,Hangup()

exten => 6002,1,Answer()
exten => 6002,n,Dial(SIP/david,60)
exten => 6002,n,VoiceMail(david@main)
exten => 6002,n,Hangup()

I cant point out what is going wrong in Blink since there no error notification. In Zoiper no matter how i set the certificates, i always get a “SIP 503 - Transport Failure: no transport …”. And i dont think the certificates are an issue, becuase in the moment i check “use rport” option and change “use udp transport” instead of “use tls transport”, im able to register succesfully.

Has anyone faced a similar trouble ? How can i know in more detail what is going on underneath !?. Im pretty knew on Asterisk (Im using the latest version of Elastix) and i would to take some guidance.

david551 · November 15, 2016, 10:10am

Please provide the complete error message.

Is this error on the incoming or outgoing leg?

The tutorial you quote is for pure Asterisk, but you seem to be using something like FreePBX. If FreePBX defines a general section it will clash with yours. You would probably be best getting this working on pure Asterisk, before complicating it with FreePBX.

sveen12 · November 27, 2016, 1:28am

David, im sorry for the late respone. THANK you so much. You were right, freePBX defines a general section.

So what i did it was to create 2 extensions from the GUI. I had some problems on elastix bacause i couldnt assignt the type of transport (TLS), hence i went with asteriskNow. No further configuration had to be done.

this is my sip_general_custom.conf

tlsenable=yes
encryption=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlsprivatekey=/etc/asterisk/keys/asterisk.key 
tlscipher=ALL
tlsclientmethod=tlsv1

I was getting "Problem setting up SSL connection: error 0000000 … " but it was gone after i registered my account in Zoiper.

If anyone faced a similar issue, here goes my zoiper configuration:

Sip accounts -> advanced -> check “Use rport” and "Use TLS transport"
Sip accounts -> advanced -> check “Use rport wih media” and "TLS with SDES SRTP"
Sip accounts -> advanced -> TLS client certificate -> choose your path for your self signed client certificate
Sip accounts -> advanced -> TLS client certificate -> “Use certificate”

advanced -> securty -> Extra CA certificates -> chooser your path of your ca.crt
advanced -> securty -> check “load domain certificate” and choose the location of your server certificate (in pem format)
advanced -> securty -> protocol suite -> TLS v1