Hello I am having issues trying to connect my sipphone to my asterisk server using tls, I am able to connect with tcp and udp, but no luck with tls. I have followed the instructions in the wiki but not luck. I am using CentOS 6(x64) used yum install asterisk (version 1.8.32.1)
When I use netstat -tupln it only shows 5060 udp and tcp, it does not show 5061
telnet localhot 5061 gives connection refused.
I have 5061 tcp and udp open in iptables and also turned off iptables to see if it was my firewall, but still not luck.
I though that maybe the binary asterisk from the repo didn’t include tls enabled, but
ldd /usr/sbin/asterisk | egrep 'ssl|srtp’
gives back a result
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fc1b371b000)
I followed these tutorials
wiki.asterisk.org/wiki/display/ … +Transport
remiphilippe.fr/sips-on-asterisk … -with-tls/
voip-info.org/wiki/view/SIP+TLS
;sip.conf
[general]
context = default
nat = yes
allowguest = no
alwaysauthreject = yes
udpbindaddr = 0.0.0.0
tcpenable = yes
tcpbindaddr = 0.0.0.0
tlsenable = yes
tlsbindaddr = 0.0.0.0
tlsbindport = 5061
tlscertfile = /etc/asterisk/keys/asterisk.pem
tlscafile = /etc/asterisk/keys/ca.pem
tlscapath = /etc/asterisk/keys
tlscipher = all
tlsdontverifyserver = no
tlsclientmethod = tlsv1
transport = tls, udp, tcp
[101]
type = friend
callerid = User One <101>
secret = test1
host = dynamic
canreinvite = no
dtmfmode = rfc2833
mailbox = 101
disallow = all
allow = ulaw
transport = tls, tcp, udp
[102]
type = friend
callerid = User One <102>
secret = test2
host = dynamic
canreinvite = no
dtmfmode = rfc2833
mailbox = 102
disallow = all
allow = ulaw
transport = tls, tcp, udp
;extension.conf
[general]
static=yes
writeprotect=no
[default]
exten => 101,1,Answer()
exten => 101,n,Dial(SIP/101,20,tr)
exten => 101,n,Hangup
exten => 102,1,Answer()
exten => 102,n,Dial(SIP/102,20,tr)
exten => 102,n,Hangup
When I unload and load chan_sip.so I get this
module unload chan_sip.so
Unloaded chan_sip.so
== Unregistered channel type ‘SIP’
== Unregistered custom function SIPCHANINFO
== Unregistered custom function SIPPEER
== Unregistered custom function SIP_HEADER
== Unregistered custom function CHECKSIPDOMAIN
== Unregistered application ‘SIPDtmfMode’
== Unregistered application ‘SIPAddHeader’
== Unregistered application ‘SIPRemoveHeader’
== Unregistered RTP glue ‘SIP’
== Manager unregistered action SIPpeers
== Manager unregistered action SIPshowpeer
== Manager unregistered action SIPqualifypeer
== Manager unregistered action SIPshowregistry
== Manager unregistered action SIPnotify
www*CLI> module load chan_sip.so
Loaded chan_sip.so
SIP channel loading…
== Parsing ‘/etc/asterisk/sip.conf’: == Found
== Parsing ‘/etc/asterisk/users.conf’: == Found
== SIP Listening on 0.0.0.0:5060
== Using SIP CoS mark 4
SSL cipher error == Parsing ‘/etc/asterisk/sip_notify.conf’: == Found
== Registered channel type ‘SIP’ (Session Initiation Protocol (SIP))
== Registered RTP glue ‘SIP’
== Registered application ‘SIPDtmfMode’
== Registered application ‘SIPAddHeader’
== Registered application ‘SIPRemoveHeader’
== Registered custom function ‘SIP_HEADER’
== Registered custom function ‘SIPPEER’
== Registered custom function ‘SIPCHANINFO’
== Registered custom function ‘CHECKSIPDOMAIN’
== Manager registered action SIPpeers
[Mar 19 21:10:42] ERROR[1468]: tcptls.c:868 ast_tcptls_client_start: Unable to connect SIP socket to 192.168.122.1:50638: Connection refused
== Manager registered action SIPshowpeer
== Manager registered action SIPqualifypeer
== Manager registered action SIPshowregistry
== Manager registered action SIPnotify
Loaded chan_sip.so => (Session Initiation Protocol (SIP)
I have this setup in a test lab on my comp as well as another server with a static ip, the address 192.168.122.1 is virbr0 (I assume that is the gateway, since mtr shows the hop after that is the network my computer is connected to)
Any help or suggestions would be appriciated, I will also keep updating this thread with any new information I get. Thank you.
