Hi all ,
I hope all is ok for you
I am trying to register an extension from an Asterisk 13 to an Asterisk 18 in TLS mode.
It’s OK without certificate verification.
But if I enable verification, the request does not seem to be transmitted to the server.
Asterisk 13 config
; Plain UDP transport listening on all IPv4 interfaces, port 5060.
; SIP signalling on this transport is not encrypted; the registration in this
; config selects transTLS instead.
[transUDP]
type=transport
protocol=udp
bind=0.0.0.0:5060
; TLS transport on the Asterisk 13 side; the outbound registration uses it,
; so this side acts as the TLS client.
[transTLS]
type=transport
protocol=tls
bind=0.0.0.0:5061
; Require the remote server's certificate to verify when connecting out.
; NOTE(review): a failed check would abort the TLS handshake, so no REGISTER
; would reach the server - compare with the handshake alerts in the capture.
; NOTE(review): server_uri is an IP address; presumably the server certificate
; must also carry that address (SAN or CN) for the identity check - confirm.
verify_server=yes
; Trust anchors for that check.
; NOTE(review): this file has to contain the CA (or the self-signed
; certificate itself) behind the certificate the Asterisk 18 side presents.
ca_list_file=/etc/asterisk/server_certs.pem
; Certificate and private key this side presents to the peer; they are what
; the peer validates when it enables verify_client / require_client_cert.
cert_file=/etc/asterisk/keys/xellip2.pem
priv_key_file=/etc/asterisk/keys/xellip2.key
; Allowed cipher suites. No "method" is set in this section, so the TLS
; protocol version is left to the default.
cipher=ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA
; Outbound registration of 6001 towards 192.168.0.31:5061 over transTLS.
[ExtServer3!1]
type=registration
transport=transTLS
; Name of the auth section holding the credentials; that section is not
; visible in this excerpt.
outbound_auth=ExtServer3!1
server_uri=sip:192.168.0.31:5061
client_uri=sip:6001@192.168.0.31:5061
; Registration lifetime requested, in seconds.
expiration=3600
contact_user=6001#||#app-model=12241
; "\;" escapes the semicolon, which would otherwise start a comment in an
; Asterisk config file. transport=tls forces TLS towards the proxy.
outbound_proxy=sip:192.168.0.31:5061\;transport=tls\;lr
; Retry policy: an authentication rejection is not treated as permanent, and
; every failure class is retried at a 60-second interval, up to 9000 attempts.
auth_rejection_permanent=false
max_retries=9000
retry_interval=60
forbidden_retry_interval=60
fatal_retry_interval=60
Asterisk 18
; Plain UDP transport on the Asterisk 18 side, bound to all IPv4 interfaces
; with no explicit port. Signalling on this transport is not encrypted.
[transport-udp]
type=transport
protocol=udp ;udp,tcp,tls,ws,wss,flow
bind=0.0.0.0
; TLS transport on the Asterisk 18 side; it accepts the incoming registration,
; so this side acts as the TLS server.
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
; Certificate and private key presented to connecting clients. The client can
; only verify this certificate if its issuer is in the client's ca_list_file.
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
; Mutual TLS: the client must send a certificate and it must verify.
; NOTE(review): no ca_list_file or ca_list_path appears in this section;
; presumably the server then has no trust anchor to check the client
; certificate against - confirm, and add the issuing CA if so.
require_client_cert=true
verify_client=true
; Commented-out sample paths; the active cert_file/priv_key_file are above.
;cert_file=/path/mycert.crt
;priv_key_file=/path/mykey.key
; Allowed cipher suites.
cipher=ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA
; Pins the transport to TLS 1.0, which is deprecated (RFC 8996). The GCM and
; SHA384 suites listed in "cipher" are TLS 1.2 suites and cannot be negotiated
; at this version; only the two ...-AES256-SHA entries remain usable.
; NOTE(review): consider method=tlsv1_2 if both sides' TLS libraries allow it.
method=tlsv1
; Endpoint for extension 6001, tied to the transport-tls transport.
; NOTE(review): no media_encryption is set in this section, so TLS here covers
; SIP signalling only - confirm whether the RTP media should be protected too.
[6001]
type=endpoint
transport=transport-tls
; Dialplan context that calls from this endpoint enter.
context=from-internal
; Codecs: clear the defaults, then allow ulaw and gsm.
disallow=all
allow=ulaw
allow=gsm
; Names of the auth and aor sections that belong to this endpoint.
auth=6001
aors=6001
; Credentials checked for endpoint 6001 (referenced by its auth=6001 line).
; NOTE(review): the password is identical to the username and extension
; number, which is trivially guessable; use a long random secret on anything
; reachable beyond a lab network.
[6001]
type=auth
auth_type=userpass
password=6001
username=6001
; Address of record for 6001: at most one contact, plus a static contact.
[6001]
type=aor
max_contacts=1
; NOTE(review): this static contact URI carries no ";transport=tls" parameter;
; presumably requests sent to it are not forced onto TLS - confirm.
contact=sip:6001@192.168.0.34:5061
And the wireshark tls
Thanks a lot
G