Hello guys,
I’ve been following this tutorial to enable TLS on my Asterisk:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
Here’s my sip.conf:
[general]
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
context=default
allowoverlap=no
allowguest=yes
canreinvite=yes
allowanonymous=yes
bindport=5060
bindaddr=0.0.0.0
disallow=all
allow=alaw
allow=ulaw
allow=gsm
allow=g711
allow=g729
allow=g721
[5555]
transport=tls
context=default
type=friend
username=5555
secret=abc123
host=dynamic
dtmfmode=rfc2833
callerid=[jojohan]
When I type “sip reload” on the Asterisk CLI, it shows:
ubuntu*CLI> sip reload
Reloading SIP
== Parsing '/etc/asterisk/sip.conf': == Found
== Parsing '/etc/asterisk/users.conf': == Found
== Using SIP CoS mark 4
[2014-05-09 17:00:18] WARNING[1846]: chan_sip.c:28312 build_peer: 'tls' is not a valid transport type when tlsenable=no. If no other is specified, the defaults from general will be used.
== Parsing '/etc/asterisk/sip_notify.conf': == Found
It doesn’t show "SSL certificate OK" …
Here’s my log file:
[2014-05-09 17:00:18] VERBOSE[1846] chan_sip.c: Reloading SIP
[2014-05-09 17:00:18] VERBOSE[1846] config.c: == Parsing '/etc/asterisk/sip.conf': [2014-05-09 17:00:18] VERBOSE[1846] config.c: == Found
[2014-05-09 17:00:18] VERBOSE[1846] config.c: == Parsing '/etc/asterisk/users.conf': [2014-05-09 17:00:18] VERBOSE[1846] config.c: == Found
[2014-05-09 17:00:18] VERBOSE[1846] netsock2.c: == Using SIP CoS mark 4
[2014-05-09 17:00:18] WARNING[1846] chan_sip.c: 'tls' is not a valid transport type when tlsenable=no. If no other is specified, the defaults from general will be used.
[2014-05-09 17:00:18] VERBOSE[1846] config.c: == Parsing '/etc/asterisk/sip_notify.conf': [2014-05-09 17:00:18] VERBOSE[1846] config.c: == Found
When I run netstat -lt to show my TCP connections:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:cisco-sccp *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN
It seems there’s no TLS connection to my Ubuntu,
and here’s my SIP client:
* Name : 5555
Secret : <Set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : default
Subscr.Cont. : <Not set>
Language :
AMA flags : Unknown
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup :
Pickupgroup :
MOH Suggest :
Mailbox :
VM Extension : asterisk
LastMsgsSent : 32767/65535
Call limit : 0
Max forwards : 0
Dynamic : Yes
Callerid : "[jojohan]" <>
MaxCallBR : 384 kbps
Expire : -1
Insecure : no
Force rport : Yes
ACL : No
DirectMedACL : No
T.38 support : No
T.38 EC mode : Unknown
T.38 MaxDtgrm: -1
DirectMedia : Yes
PromiscRedir : No
User=Phone : No
Video Support: No
Text Support : No
Ign SDP ver : No
Trust RPID : No
Send RPID : No
TrustIDOutbnd: Legacy
Subscriptions: Yes
Overlap dial : No
DTMFmode : rfc2833
Timer T1 : 500
Timer B : 32000
ToHost :
Addr->IP : (null)
Defaddr->IP : (null)
Prim.Transp. : UDP
Allowed.Trsp : UDP
Def. Username: 5555
SIP Options : (none)
Codecs : 0x80000008000e (gsm|ulaw|alaw|h263|testlaw)
Codec Order : (none)
Auto-Framing : No
Status : Unmonitored
Useragent :
Reg. Contact :
Qualify Freq : 60000 ms
Sess-Timers : Accept
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : No
The Prim.Transp. : UDP and Allowed.Trsp : UDP; it’s still UDP.
Did I miss something?
I’m using Asterisk 1.8.27 and Ubuntu 12.04.
Hope you can help me; I’ve been trying this for a week and am still confused by TLS.
Thank you very much
Johan
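
An added example, not part of the original post and not Asterisk code: a small Python check over the TLS-related settings from the sip.conf above. It flags a peer that asks for transport=tls while [general] does not enable TLS (the condition the chan_sip warning names) and the permissive tlscipher, tlsclientmethod and allowguest values. The parser, the finding names and the last-value-wins rule are assumptions made for the example.

```python
import re

# Constructed sample: the TLS-related lines of the sip.conf posted above.
SAMPLE = """\
[general]
tlsenable=yes
tlscipher=ALL
tlsclientmethod=tlsv1
allowguest=yes
[5555]
transport=tls
"""

TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def parse(text):
    """Simplified parser (no #include, no templates): {section: {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)
    return sections

def audit(text):
    """Return finding codes (hypothetical names) for the settings in the post."""
    conf = parse(text)
    general = conf.get("general", {})
    def last(key, default=""):                   # assumed: last occurrence wins
        return general.get(key, [default])[-1].lower()
    findings = []
    tls_on = last("tlsenable", "no") in TRUE_VALUES
    for name, opts in conf.items():
        transports = ",".join(opts.get("transport", [])).lower().split(",")
        if name != "general" and "tls" in [t.strip() for t in transports] and not tls_on:
            findings.append("tls-peer-without-tlsenable:" + name)
    if last("tlscipher") == "all":               # OpenSSL "ALL" admits weak suites
        findings.append("weak-cipher-list")
    if last("tlsclientmethod") in {"tlsv1", "sslv3", "sslv2"}:
        findings.append("legacy-tls-method")     # applies to outbound TLS connections
    if last("allowguest") in TRUE_VALUES:        # unauthenticated guest calls accepted
        findings.append("guest-calls-allowed")
    return findings
```

On the sample as posted, the transport check does not fire because the file text has tlsenable=yes; the three findings returned are the cipher list, the client method and guest access.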