Need help converting to pjsip

Here are the errors I’m getting:

ERROR[29414]: res_pjsip.c:3483 ast_sip_set_tpselector_from_transport_name: Unable to retrieve PJSIP transport 'transport-tls'

WARNING[29414]: res_pjsip_outbound_registration.c:829 schedule_retry: No response received from 'sip:x.x.x.x:5061' on registration attempt to 'sip:xxx@x.x.x.x:5061', retrying in '20'

Here is my converted pjsip.conf, I used the python tool to convert my sip.conf to this:

[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
external_media_address = x.x.x.x
external_signaling_address = x.x.x.236
local_net = 10.9.9.0/255.255.255.240
local_net = 10.5.5.0/255.255.255.0

[transport-tcp]
type = transport
protocol = tcp
bind = 0.0.0.0
external_media_address = x.x.x.236
external_signaling_address = x.x.x.236
local_net = 10.9.9.0/255.255.255.240
local_net = 10.5.5.0/255.255.255.0

[transport-tls]
type = transport
protocol = tls
bind = 10.9.9.13
external_media_address = x.x.x.236
external_signaling_address = x.x.x.236
local_net = 10.9.9.0/255.255.255.240
local_net = 10.5.5.0/255.255.255.0
cert_file = /etc/asterisk/keys/asterisk-10y.pem
cipher = ALL
ca_list_file = /etc/asterisk/keys/ca-10y.crt
verify_server = no
method = tlsv1

[reg_x.x.x.163]
type = registration
retry_interval = 20
max_retries = 10
expiration = 120
transport = transport-tls
outbound_auth = auth_reg_x.x.x.163
client_uri = sip:xxx@x.x.x.163:5061
server_uri = sip:x.x.x.163:5061

[auth_reg_x.x.x.163]
type = auth
password = xxx
username = xxx

[VoIPms]
type = aor
contact = sip:xxx@x.x.x.163

[VoIPms]
type = identify
endpoint = VoIPms
match = x.x.x.163

[VoIPms]
type = auth
username = VoIPms
password = xxx

[VoIPms]
type = endpoint
context = from-trunk
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
disable_directed_media_on_nat = yes
direct_media = no
trust_id_inbound = yes
send_rpid = yes
media_encryption = sdes
auth = VoIPms
outbound_auth = VoIPms
aors = VoIPms

[301]
type = aor
max_contacts = 1

[301]
type = auth
username = 301
password = xxx

[301]
type = endpoint
context = internal-kids
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 301
mailboxes = 303@internal
device_state_busy_at = 4
auth = 301
outbound_auth = 301
srtp_tag_32 = yes
aors = 301

[302]
type = aor
max_contacts = 1

[302]
type = auth
username = 302
password = xxx

[302]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 302
mailboxes = 302@internal
device_state_busy_at = 4
auth = 302
outbound_auth = 302
srtp_tag_32 = yes
aors = 302

[303]
type = aor
max_contacts = 1

[303]
type = auth
username = 303
password = xxx

[303]
type = endpoint
context = internal-work
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 303
mailboxes = 301@internal
device_state_busy_at = 4
auth = 303
outbound_auth = 303
srtp_tag_32 = yes
aors = 303

[304]
type = aor
max_contacts = 1

[304]
type = auth
username = 304
password = xxx

[304]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 304
mailboxes = 304@internal
auth = 304
outbound_auth = 304
aors = 304

[305]
type = aor
max_contacts = 1

[305]
type = auth
username = 305
password = xxx

[305]
type = endpoint
context = internal-work
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 305
mailboxes = 305@internal
device_state_busy_at = 4
auth = 305
outbound_auth = 305
srtp_tag_32 = yes
aors = 305

[306]
type = aor
max_contacts = 1

[306]
type = auth
username = 306
password = xxx

[306]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 306
mailboxes = 306@internal
device_state_busy_at = 4
auth = 306
outbound_auth = 306
srtp_tag_32 = yes
aors = 306

[307]
type = aor
max_contacts = 1

[307]
type = auth
username = 307
password = xxx

[307]
type = endpoint
context = internal-home
dtmf_mode = rfc4733
disallow = all
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
direct_media = no
callerid = 307
mailboxes = 307@internal
auth = 307
outbound_auth = 307
aors = 307

If anyone else notices something off please let me know. Struggling with PJSIP.

Check the console at startup to see why the TLS transport could not be created.

I’ve made some progress, but this is killing it right now:

[Jul 26 16:28:23] WARNING[41646]: pjproject: <?>:                          SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336151568> <SSL routines-ssl3_read_bytes-sslv3 alert handshake failure> len: 0 peer: x.x.x.163:5061

[Jul 26 16:28:23] WARNING[41647]: res_pjsip_outbound_registration.c:829 schedule_retry: No response received from 'sip:x.voip.ms:5061' on registration attempt to 'sip:xxx@x.voip.ms:5061', retrying in '20'

Is that something with my cert? Cipher?

I’d expect it to be your cipher or method. If you set the method to tlsv1_2 does it change?


Why is your bind not 0.0.0.0 as with the other transports?
Do you have the original sip.conf? I wonder what was not converted correctly.

And, please, could someone edit the Wiki entry about SIP-over-TLS? cipher = ALL and method = tlsv1 are a drama (simply leave them out, and good defaults are used) which was in the original sip.conf already, I guess.

OMG, the method to tlsv1_2 got it! THANK YOU!!!

The wiki page has been updated and method removed for PJSIP.

Starting with CentOS 8 and Debian 10, the default openssl configuration accepts only tlsv1_2.

In Debian 10 you can change this behavior by modifying this parameter:

MinProtocol = TLSv1.2

on this file:

/etc/ssl/openssl.cnf

Regards

Yeah my old Asterisk 13/chan_sip was CentOS7 and on this VM it’s CentOS8 and Asterisk 16/pj_sip, so makes sense.
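
The check discussed in this thread, as an added example that is not part of any post and is not Asterisk's own tooling: a small auditor that reads a pjsip.conf and flags TLS transports that pin an old `method`, set `cipher = ALL`, or set `verify_server = no`. The sample configuration is constructed from the transport section posted above, and the function names and the set of methods treated as weak are assumptions of this example.

```python
# Added example: audit pjsip.conf TLS transports for the settings discussed in the thread.
WEAK_METHODS = {"sslv2", "sslv3", "tlsv1", "tlsv1_1"}  # assumption: anything below TLS 1.2
SAMPLE = """\
[transport-udp]
type = transport
protocol = udp
[transport-tls]
type = transport
protocol = tls
cipher = ALL
verify_server = no
method = tlsv1
[VoIPms]
type = aor
[VoIPms]
type = endpoint
"""  # constructed sample, trimmed from the config in the first post

def parse_sections(text):
    """Return [(name, [(key, value), ...])]. pjsip.conf reuses a section name
    for several object types, so sections are kept separate, never merged."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and "]" in line:
            sections.append((line[1:line.index("]")], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip().lower(), value.strip()))
    return sections

def audit_tls_transports(text):
    """Return (section, finding) pairs for every transport with protocol = tls."""
    findings = []
    for name, options in parse_sections(text):
        opts = dict(options)
        if opts.get("type") != "transport" or opts.get("protocol", "").lower() != "tls":
            continue
        method = opts.get("method", "").lower()
        if method in WEAK_METHODS:
            findings.append((name, f"method = {method} pins a protocol below TLS 1.2"))
        if opts.get("cipher", "").upper() == "ALL":
            findings.append((name, "cipher = ALL; remove it to use the default cipher list"))
        if opts.get("verify_server", "").lower() == "no":
            findings.append((name, "verify_server = no; the server certificate is not verified"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_tls_transports(SAMPLE):
        print(f"[{section}] {finding}")
```

Run against the posted transport, it reports all three settings on `transport-tls` and ignores the UDP transport and the repeated `[VoIPms]` sections.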