SIP TLS trunk between 2 Asterisk servers

Do you mean I could still keep the certificate validation even without registration?
Because that is all I am looking for.

Hello guys, I made some modifications and this is what I am getting right now:

AST1 has IP address 192.168.133.100
AST2 has IP address 192.168.133.99

AST1 pjsip.conf:

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0


[transport-tls]
type=transport
protocol=tls
bind=192.168.133.100:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
ca_list_file=/etc/asterisk/keys/ca.crt
ca_list_path=/etc/asterisk/keys
method=tlsv1_2
require_client_cert=no
verify_client=no
verify_server=no

AST2 pjsip.conf:

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0


[transport-tls]
type=transport
protocol=tls
bind=192.168.133.99:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
ca_list_file=/etc/asterisk/keys/ca.crt
ca_list_path=/etc/asterisk/keys
method=tlsv1_2
require_client_cert=no
verify_client=no
verify_server=no

[trunk]
type=aor
contact=sip:192.168.133.100:5061

[trunk]
type=endpoint
context=phones
allow=gsm,alaw,ulaw
aors=trunk
direct_media=no
transport=transport-tls

[trunk]
type=identify
endpoint=trunk
match=192.168.133.99

AST2 extensions.conf:

exten => _02X.,1,Dial(PJSIP/${EXTEN:2:}@trunk)
same =>      n,Hangup()

Now I am trying to make a call from a SIP account on AST2 to a SIP account on AST1,

and this is what I am getting at AST2:


[Mar  1 07:41:41] WARNING[1645]: pjproject: <?>: SSL SSL_ERROR_SSL (Read): Level: 0 err: <67567754> <rsa routines-RSA_padding_check_PKCS1_type_1-invalid padding> len: 65535 peer: 192.168.133.99:34417
[Mar  1 07:41:41] WARNING[1645]: pjproject: <?>: SSL SSL_ERROR_SSL (Read): Level: 1 err: <67530866> <rsa routines-rsa_ossl_public_decrypt-padding check failed> len: 65535 peer: 192.168.133.99:34417
[Mar  1 07:41:41] WARNING[1645]: pjproject: <?>: SSL SSL_ERROR_SSL (Read): Level: 2 err: <218910726> <asn1 encoding routines-ASN1_item_verify-EVP lib> len: 65535 peer: 192.168.133.99:34417

NOTE:
To be clear, on each Asterisk server I made its own certificates using the script!

NOTE:

If I make these modifications to the trunk, then the call goes fine!!

[trunk]
type=aor
contact=sip:192.168.133.100:5060

[trunk]
type=endpoint
context=phones
allow=gsm,alaw,ulaw
aors=trunk
direct_media=no
transport=transport-udp

[trunk]
type=identify
endpoint=trunk
match=192.168.133.99

Seems pretty pointless having TLS, then.


I am just trying it to figure out what the issue is!!!

You never authenticate the caller. Even for the callee, the certificate could be signed by the North Korean Ministry of Intelligence, for all you care.

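
The two replies above describe conditions that can be checked mechanically in a pjsip.conf. The Python below is an added example, not code from the thread or from Asterisk: it reports TLS transports whose certificate checks are off and endpoints bound to a non-TLS transport. The function names and the trimmed sample config are constructed for illustration.

```python
# Added example: SAMPLE is a constructed, trimmed copy of the AST2 config above.
SAMPLE = """\
[transport-tls]
type=transport
protocol=tls
require_client_cert=no
verify_client=no
verify_server=no

[trunk]
type=endpoint
transport=transport-tls
"""

# Transport options that turn on certificate checks; each defaults to "no".
CHECKS = {
    "verify_server": "callee certificate is not validated",
    "verify_client": "caller certificate is not validated",
    "require_client_cert": "caller need not present a certificate",
}

def parse_sections(text):
    """Return [(name, options)]; a list, because pjsip.conf reuses names."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip ; comments
        if line.startswith("[") and "]" in line:
            sections.append((line[1:line.index("]")], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    sections = parse_sections(text)
    transports = {n: o for n, o in sections if o.get("type") == "transport"}
    findings = []
    for name, opts in transports.items():
        if opts.get("protocol", "udp").lower() == "tls":
            for key, risk in CHECKS.items():
                if opts.get(key, "no").lower() not in ("yes", "true", "on", "1"):
                    findings.append(f"[{name}] {key} is off: {risk}")
    for name, opts in sections:
        t = transports.get(opts.get("transport"))  # None if unset or unknown
        if opts.get("type") == "endpoint" and t and t.get("protocol", "udp").lower() != "tls":
            findings.append(f"[{name}] signalling is not carried over TLS")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports all three verification options as off; enabling them only helps once each server's `ca_list_file` contains the CA that signed the other side's certificate.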

I already said that I am playing with the configurations just to try to figure out what the issue is.
