Colleagues, please help me solve my problem!
I cannot create a TLS transport in chan_pjsip.
I use Asterisk 13.33.0. Currently I have both chan_sip and chan_pjsip loaded. The first is for work, the second is for debugging migration to it.
SIP/SIPS - on ports 5060/5061, PJSIP - on ports 5070/5072.
(For debugging convenience, PJSIP settings are moved to the pjsip2.conf file using the ‘#include’ command)
Here is a fragment of the configuration file that describes the transports:
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5070

[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5072
cert_file=/etc/ssl/certs/le-ogogon.org-fc.pem
priv_key_file=/etc/ssl/private/le-ogogon.org.pem
method = tlsv1
allow_reload=true
Here is the result:
server*CLI> pjsip show transports
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: transport-udp udp 0 0 0.0.0.0:5070
Objects found: 1
server*CLI>
And more errors on the console:
-- Reloading module 'res_pjproject.so' (PJPROJECT Log and Utility Support)
-- Reloading module 'res_pjsip.so' (Basic SIP resource)
[May 4 18:29:55] ERROR[101838]: res_pjsip/config_transport.c:704 int transport_tls_file_handler(const struct aco_option *, struct ast_variable *, void *): Transport: transport-tls: cert_file /etc/ssl/certs/le-ogogon.org-fc.pem is either missing or not readable
[May 4 18:29:55] ERROR[101838]: config_options.c:800 int aco_process_var(struct aco_type *, const char *, struct ast_variable *, void *): Error parsing cert_file=/etc/ssl/certs/le-ogogon.org-fc.pem at line 22 of /usr/local/etc/asterisk/ogogon/pjsip2.conf
[May 4 18:29:55] ERROR[101838]: res_sorcery_config.c:410 void sorcery_config_internal_load(void *, const struct ast_sorcery *, const char *, unsigned int): Could not create an object of type 'transport' with id 'transport-tls' from configuration file 'pjsip.conf'
[May 4 18:29:55] NOTICE[101838]: sorcery.c:1333 int sorcery_object_load(void *, void *, int): Type 'system' is not reloadable, maintaining previous values
-- Reloading module 'res_stun_monitor.so' (STUN Network Monitor)
-- Reloading module 'res_pjsip_outbound_publish.so' (PJSIP Outbound Publish Support)
I am using a Let's Encrypt certificate. The specified path is a symlink to its directory.
ogogon# ls -alg /etc/ssl/certs/le-ogogon.org-fc.pem
lrwxr-xr-x 1 root wheel 61 10 jul 2019 /etc/ssl/certs/le-ogogon.org-fc.pem -> /usr/local/etc/letsencrypt/live/ogogon.org-0001/fullchain.pem
ogogon# more /etc/ssl/certs/le-ogogon.org-fc.pem
-----BEGIN CERTIFICATE-----
^C
ogogon#
I also noticed a strange feature - if you set port 5071 for the TLS transport, then the reload does not work at all.
What am I doing wrong?
Thank you in advance for your reply.
Ogogon.
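
Added example, not part of the original post: the "missing or not readable" error refers to the account Asterisk runs as, while the ls and more checks above were run as root. This sketch follows the symlink chain and reports the first directory or file that a given uid cannot pass, using classic mode bits only (ACLs and MAC policies are ignored); the account name "asterisk" and the function names are assumptions.

```python
import os
import pwd
import sys

def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; want is 4 (read) or 1 (search)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_blocker(path, uid, gids=()):
    """Return (path, reason) for the first component uid cannot pass, else None."""
    path = os.path.abspath(path)
    for _ in range(40):  # bound the number of symlink hops
        parent = os.path.realpath(os.path.dirname(path))
        walk = os.sep
        for part in parent.split(os.sep):
            walk = os.path.join(walk, part)
            if not _allowed(os.stat(walk), uid, gids, 1):
                return walk, "no search (x) permission on directory"
        leaf = os.path.join(parent, os.path.basename(path))
        if not os.path.lexists(leaf):
            return leaf, "missing"
        if os.path.islink(leaf):
            # Relative targets resolve from the directory holding the link.
            path = os.path.normpath(os.path.join(parent, os.readlink(leaf)))
            continue
        if not _allowed(os.stat(leaf), uid, gids, 4):
            return leaf, "no read (r) permission on file"
        return None
    return path, "too many symlink hops"

if __name__ == "__main__":
    # Run as root: first_blocker.py <file> [account]; "asterisk" is an assumed name.
    user = sys.argv[2] if len(sys.argv) > 2 else "asterisk"
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    print(first_blocker(sys.argv[1], pw.pw_uid, groups) or "readable by " + user)
```

Run it as root against both cert_file and priv_key_file, since each hop of the symlink chain can sit in a directory with different permissions.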