BelledonneCommunications / flexisip

Linphone.org mirror for flexisip (git://git.linphone.org/flexisip.git)
http://flexisip.org
GNU Affero General Public License v3.0

TLS fails #118

Open M-Stenzel opened 3 years ago

M-Stenzel commented 3 years ago

Hi team,

after I managed to set up flexisip as SIP proxy as described here

[https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/1.%20Installation/]

I set up Debian stretch with all the latest patches and flexisip version 2.0.4. I set up TLS with Let's Encrypt certificates like this:

    cd /etc/flexisip/tls
    cp /etc/letsencrypt/live/123/privkey.pem ./
    cp /etc/letsencrypt/live/123/cert.pem ./
    cp /etc/letsencrypt/live/123/fullchain.pem ./cafile.pem
    awk 1 privkey.pem cert.pem > ./agent.pem

I do hope that flexisip is satisfied with both cafile.pem and agent.pem (do not know how to verify...)

Snippet from flexisip.conf:

    [global]
    ...
    transports=sips:0.0.0.0:5060
    tls-certificates-dir=/etc/flexisip/tls
    require-peer-certificate=false

Expected behaviour would mean that I can connect from Zoiper/Linphone/Groundwire (tried all 3 of them) via TLS, however the connection fails. TCP works though. In the log files (in message level) I do not receive any information as to the TLS handshake, nothing.

How can I find out (messages etc.) about problems with the SSL handshake? Is my certificate chain o.k.?

Martin.

M-Stenzel commented 3 years ago

This is an update:

the chain as described works indeed, I am able to establish a TLS connection by changing entry transports=sips:0.0.0.0:5060

to transports=sips:0.0.0.0:5061

As per RFC 3261 the TLS port NEEDS to be 5061.

Now everything is set up as wanted, though I am still struggling to make it work with linphone (Groundwire works). Again it seems to be a problem with configuration (?).

Martin.
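One way to answer the "how to verify" question from the first post, as an added example that is not part of the thread or of flexisip: a shell function checks that agent.pem holds a matching key and certificate, and that the certificate chains to a root when cafile.pem supplies the intermediates. The function names, the optional ROOT_CA argument, and the throwaway CA for sip.example.test are assumptions constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not flexisip code): sanity-check a tls-certificates-dir laid
# out as in the post: agent.pem = private key + certificate, cafile.pem = chain.

# check_tls_dir DIR [ROOT_CA] -> 0 ok, 1 file or PEM block missing,
# 2 key does not match certificate, 3 certificate does not chain to a root.
check_tls_dir() {
  local dir="$1" root="${2:-}" leaf_pub key_pub
  [ -r "$dir/agent.pem" ] && [ -r "$dir/cafile.pem" ] || return 1
  grep -q -- '-----BEGIN CERTIFICATE-----' "$dir/agent.pem" || return 1
  grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$dir/agent.pem" || return 1

  # Compare the public key inside the certificate with the one derived
  # from the private key; they must be identical.
  leaf_pub=$(openssl x509 -in "$dir/agent.pem" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$dir/agent.pem" -pubout 2>/dev/null) || return 1
  [ "$leaf_pub" = "$key_pub" ] || return 2

  # cafile.pem supplies intermediates only (-untrusted); the trust anchor is
  # ROOT_CA, or the system store when ROOT_CA is omitted.
  if [ -n "$root" ]; then
    openssl x509 -in "$dir/agent.pem" |
      openssl verify -CAfile "$root" -untrusted "$dir/cafile.pem" >/dev/null 2>&1 || return 3
  else
    openssl x509 -in "$dir/agent.pem" |
      openssl verify -untrusted "$dir/cafile.pem" >/dev/null 2>&1 || return 3
  fi
}

# Constructed sample input: throwaway root CA plus a leaf for sip.example.test.
make_demo_dir() {
  local d="$1"
  mkdir -p "$d/tls"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo Root' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=sip.example.test' \
    -keyout "$d/tls/privkey.pem" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/tls/cert.pem" 2>/dev/null
  # Same assembly as in the post: key + cert -> agent.pem, chain -> cafile.pem.
  (cd "$d/tls" && awk 1 privkey.pem cert.pem > agent.pem && cp cert.pem cafile.pem)
}

# Script use: ./check_tls_dir.sh /etc/flexisip/tls
if [ "$#" -ge 1 ]; then
  check_tls_dir "$@" && echo "OK" || echo "FAILED (code $?)"
fi
```

Against a running proxy, `openssl s_client -connect <host>:5061` prints the handshake result and the chain the server actually sends, which covers the handshake question the proxy log left unanswered.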

sanjayws commented 3 years ago

Hi, did you manage to get it to work on Linphone eventually?

M-Stenzel commented 3 years ago

Dear Sanjay,

thanks for asking! Yes, finally I made it work, configuration was wrong.

So no problem with the software itself,

Martin.



sanjayws commented 3 years ago

Awesome. I just got it to work too. I used Asterisk as backend PBX. I can dial PBX extensions, for example to check the time on the server, but I can't seem to call extensions (e.g. 1000 calling 1001); it fails. Still troubleshooting.. 🈂️

Glad to know your configs are working; your comment led to fixing the cert issues. Linphone and Flexisip documentation is pretty scarce and many people just have to guess things. I hope I can contribute to the documentation someday.

sercangoger commented 2 years ago

I have an SSL problem too. In the config settings at the moment:

transports=sip:*

In this way, what kind of setting do I need to make in the config so that I can do SSL?

jmvillaltas commented 7 months ago

> This is an update:
>
> the chain as described works indeed, I am able to establish a TLS connection by changing entry transports=sips:0.0.0.0:5060
>
> to transports=sips:0.0.0.0:5061
>
> As per RFC 3261 the TLS port NEEDS to be 5061.
>
> Now everything is set up as wanted, though I am still struggling to make it work with linphone (Groundwire works). Again it seems to be a problem with configuration (?).
>
> Martin.

Hello Mr. Could you show me the configuration you have in your flexisip.conf? Do you only use the proxy module to handle TLS or do you also use the B2BUA module?