signalwire / freeswitch

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a versatile software implementation that runs on any commodity hardware. From a Raspberry PI to a multi-core server, FreeSWITCH can unlock the telecommunications potential of any device.
https://freeswitch.com/#getting-started

Error Creating SIP UA for profile: internal (sip:mod_sofia@192.168.0.112:5060;transport=udp,tcp) #1984

Open nn200433 opened 1 year ago

nn200433 commented 1 year ago

Describe the bug

Deploying FreeSWITCH in Docker

Changing the configuration file to enable WebRTC fails

To Reproduce

docker-compose.yml:

version: "3"
services:  
  freeswitch:
    container_name: freeswitch
    image: jayshah6101/freeswitch:v1.10.8
    restart: always
    privileged: true
    network_mode: host
    volumes:
      - ./config:/etc/freeswitch
      - ./resources:/usr/share/freeswitch
      #- /home/freeswitch/docker/log:/var/log/freeswitch
      - ./ssl:/usr/local/src/freeswitch/certs
      - ./sources.list:/etc/apt/sources.list

Directory Structure:

.
├── config
├── config_bak
├── docker-compose.yml
├── log
├── resources
├── sources.list
└── ssl

/freeswitch/vars.xml:

<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>

/freeswitch/sip_profiles/internal.xml:

<param name="tls-cert-dir" value="/usr/local/src/freeswitch/certs"/>

ssl:

./create_ssl.sh 192.168.0.112

cat server.crt server.key > wss.pem

ssl script:

#! /bin/bash
DOMAIN=pskzs.com
## IP address the certificate applies to
IP=$(ip addr|awk '/^[0-9]+: / {}; /inet.*global/ {print gensub(/(.*)\/(.*)/, "\\1", "g", $2)}'|head -n 1)
DOMAIN_EXT=$IP
DATE=3650

echo 'ip为 '$IP

rm -rf ${DOMAIN} ca.key ca.csr ca.crt

mkdir ${DOMAIN}

# Generate the CA root certificate
## Prepare the CA config file, producing ca.conf
cat > ${DOMAIN}/ca.conf << EOF
[ req ]
default_bits       = 4096
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = BeiJing
localityName                = Locality Name (eg, city)
localityName_default        = BeiJing
organizationName            = Organization Name (eg, company)
organizationName_default    = pskzs
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = PSKZS CA Center
EOF

## Generate the CA private key, producing ca.key
openssl genrsa -out ca.key 4096

## Generate the CA certificate signing request, producing ca.csr
openssl req -new -subj "/C=CN/ST=BeiJing/L=BeiJing/O=pskzs/CN=PSKZS CA Center" -sha256 -out ca.csr -key ca.key -config ${DOMAIN}/ca.conf

## Generate the CA root certificate, producing ca.crt
openssl x509 -req -days ${DATE} -in ca.csr -signkey ca.key -out ca.crt

# Generate the end-user certificate
## Prepare the config file, producing server.conf
cat > ${DOMAIN}/server.conf << EOF
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = BeiJing
localityName                = Locality Name (eg, city)
localityName_default        = BeiJing
organizationName            = Organization Name (eg, company)
organizationName_default    = pskzs
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
EOF
echo commonName_default          "=" ${DOMAIN} >> ${DOMAIN}/server.conf
cat >> ${DOMAIN}/server.conf << EOF

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
EOF
echo DNS.1 = ${DOMAIN} >> ${DOMAIN}/server.conf
echo DNS.2 = ${DOMAIN_EXT} >> ${DOMAIN}/server.conf
echo IP    = ${IP} >> ${DOMAIN}/server.conf

## Generate the private key, producing server.key
openssl genrsa -out server.key 2048

## Generate the certificate signing request, producing server.csr
openssl req -new -subj "/C=CN/ST=BeiJing/L=BeiJing/O=pskzs/CN=${DOMAIN}" -sha256 -out server.csr -key server.key -config ${DOMAIN}/server.conf

## Sign the end-user certificate with the CA certificate, producing server.crt
openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt -extensions req_ext -extfile ${DOMAIN}/server.conf

Expected behavior

WebRTC is working properly

The sofia status profile internal command works correctly

Package version or git hash

freeswitch@localhost.localdomain> version
FreeSWITCH Version 1.10.8-release-20-3510866140~64bit (-release-20-3510866140 64bit)
root@localhost:/# cat /etc/issue
Debian GNU/Linux 10 \n \l

[root@localhost docker]# docker version
Client: Docker Engine - Community
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        a5ee5b1
 Built:             Thu Feb  9 19:51:00 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.5
  Git commit:       bc3805a
  Built:            Thu Feb  9 19:48:42 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.18
  GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
[root@localhost docker]# 

[root@localhost docker]# docker compose version
Docker Compose version v2.16.0

Trace logs

Type /help <enter> to see a list of commands

+OK log level  [7]
2023-03-01 10:14:51.266482 99.97% [ERR] sofia.c:3296 Error Creating SIP UA for profile: internal (sip:mod_sofia@192.168.0.112:5060;transport=udp,tcp) ATTEMPT 2 (RETRY IN 5 SEC)
freeswitch@localhost.localdomain> sofia status profile internal
Invalid Profile!

2023-03-01 10:14:56.266483 99.90% [ERR] sofia.c:3296 Error Creating SIP UA for profile: internal (sip:mod_sofia@192.168.0.112:5060;transport=udp,tcp) ATTEMPT 3 (RETRY IN 5 SEC)
2023-03-01 10:14:56.266483 99.90% [ERR] sofia.c:3307 Error Creating SIP UA for profile: internal (sip:mod_sofia@192.168.0.112:5060;transport=udp,tcp)
The likely causes for this are:
1) Another application is already listening on the specified address.
2) The IP the profile is attempting to bind to is not local to this system.
2023-03-01 10:14:56.266483 99.90% [DEBUG] sofia.c:3576 Write lock internal
2023-03-01 10:14:56.266483 99.90% [DEBUG] sofia.c:3589 Write unlock internal
freeswitch@localhost.localdomain> reloadxml
+OK [Success]

2023-03-01 10:14:58.926475 99.90% [INFO] switch_stun.c:896 External ip address detected using STUN: 117.29.36.130
2023-03-01 10:14:59.086480 99.90% [INFO] switch_stun.c:896 External ip address detected using STUN: 117.29.36.130
2023-03-01 10:14:59.146485 99.90% [INFO] mod_enum.c:883 ENUM Reloaded
2023-03-01 10:14:59.146485 99.90% [INFO] switch_time.c:1431 Timezone reloaded 1750 definitions
freeswitch@localhost.localdomain> reloadxml
+OK [Success]

2023-03-01 10:15:03.846483 99.83% [INFO] switch_stun.c:896 External ip address detected using STUN: 117.29.36.130
2023-03-01 10:15:04.346481 99.83% [INFO] switch_stun.c:896 External ip address detected using STUN: 117.29.36.130
2023-03-01 10:15:04.406479 99.83% [INFO] mod_enum.c:883 ENUM Reloaded
2023-03-01 10:15:04.406479 99.83% [INFO] switch_time.c:1431 Timezone reloaded 1750 definitions
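
The log above names two likely causes (address already in use, or IP not local). The following is an added example, not part of the issue or of FreeSWITCH, that checks both from `ip -o addr show` and `ss -H -lntup` output; the function names and the sample evidence are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage the two causes listed in the sofia.c:3307 message.
# Both helpers read saved command output on stdin, so they also work on evidence files.

# ip_is_local IP   (stdin: `ip -o addr show`) succeeds if IP is assigned locally.
ip_is_local() {
  awk -v want="$1" '
    { for (i = 1; i < NF; i++)
        if ($i == "inet" || $i == "inet6") {
          split($(i + 1), a, "/")
          if (a[1] == want) found = 1
        } }
    END { exit found ? 0 : 1 }'
}

# bind_conflicts IP PORT   (stdin: `ss -H -lntup`)
# Prints "proto local-address process" for each listener that blocks a bind to
# IP:PORT: the exact address, or a wildcard (0.0.0.0, or * for dual-stack).
bind_conflicts() {
  awk -v ip="$1" -v port="$2" '
    { n = split($5, p, ":"); lport = p[n]
      addr = substr($5, 1, length($5) - length(lport) - 1)
      if (lport == port && (addr == ip || addr == "0.0.0.0" || addr == "*"))
        print $1, $5, ($7 == "" ? "-" : $7) }'
}

# triage IP PORT ADDR_TEXT SOCKET_TEXT   prints: not-local | in-use: ... | bindable
triage() {
  local ip="$1" port="$2" addrs="$3" socks="$4" hits
  if ! printf '%s\n' "$addrs" | ip_is_local "$ip"; then
    echo "not-local"; return 0
  fi
  hits=$(printf '%s\n' "$socks" | bind_conflicts "$ip" "$port")
  if [ -n "$hits" ]; then echo "in-use: $hits"; else echo "bindable"; fi
}

# Constructed sample evidence (not taken from the issue).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.112/24 brd 192.168.0.255 scope global eth0'
SAMPLE_SOCKS='udp UNCONN 0 0 192.168.0.112:5060 0.0.0.0:* users:(("sipd",pid=812,fd=7))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))'

triage 192.168.0.112 5060 "$SAMPLE_ADDRS" "$SAMPLE_SOCKS"
# Live use on the Docker host (network_mode: host shares the host's sockets):
#   triage 192.168.0.112 5060 "$(ip -o addr show)" "$(ss -H -lntup)"
```

A `bindable` verdict while the error persists means neither listed cause applies, and the profile's own configuration is the next thing to inspect.
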
bit4bit commented 1 year ago

Hi @nn200433, this may help