Closed UjjwalaVuyyala closed 6 years ago
Thank you, Changing the order worked.
It seems that this passage is not so clear, so I updated the wiki.
Hello, I ran into another issue. I set up kamailio with a self signed certificate (not trusted) and made test calls. I can decrypt it using wireshark but I don't see any packets going to the Homer server from the Captagent. However, SIP without TLS works well. I have attached the pcap file (SIP Server 10.200.2.12:5061), Captagent logs with debug = 10 and private key (self signed cert that I use in my test environment). Please help me in resolving this issue, Thank you. captagent.zip
@UjjwalaVuyyala please confirm what you have configured and we'll look into it happily. How did you generate your certificate? Is it a supported cipher? @kYroL01 can you check the provided example to confirm if it's DH?
Ok so, this is not DH, but the key has been generated with CBC-mode (Cipher Block Chaining) instead of the supported GCM-mode (Galois/Counter). But it's good news, because I could try to integrate it into captagent, so we'll also have this kind of cipher set. I'm going to work on that in the following days and let you know @UjjwalaVuyyala if I'm able to reproduce the decryption on the agent. The only thing is that you're using TLSv1 and not TLSv1.2, but, as I said, I'll investigate it better. Thanks!
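The question being settled above (is the negotiated suite RSA key exchange or (EC)DH, and CBC or GCM) can be answered from the ServerHello alone. The following is an added example, not code from captagent or from anyone in this thread: it parses a TLS ServerHello record, names the cipher suite and reports whether a passive capture tool holding only the server's private key could ever derive the session keys (true only for plain RSA key exchange; any (EC)DHE suite is ephemeral and cannot be decrypted that way, which is why the "is it DH?" check matters). The ServerHello bytes are constructed inline; the cipher-suite values are the IANA registry numbers.

```python
import struct

# Excerpt of the IANA cipher-suite registry (value -> name). Only suites relevant
# to the discussion are listed; unknown values are reported as such.
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",   # TLS 1.3: key exchange is always (EC)DHE
    0x1302: "TLS_AES_256_GCM_SHA384",
}

VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}


def classify_suite(suite: int) -> dict:
    """Derive key-exchange and cipher mode from the suite name (registry naming is regular)."""
    name = CIPHER_SUITES.get(suite, "unknown(0x%04x)" % suite)
    if suite >> 8 == 0x13:               # TLS 1.3 suites carry no key-exchange part in the name
        kex = "(EC)DHE"
    elif name.startswith("TLS_RSA_"):
        kex = "RSA"
    elif "ECDHE" in name:
        kex = "ECDHE"
    elif "DHE" in name:
        kex = "DHE"
    else:
        kex = "unknown"
    mode = "GCM" if "GCM" in name else "CBC" if "CBC" in name else "unknown"
    return {
        "suite": name,
        "key_exchange": kex,
        "mode": mode,
        # Only static RSA key exchange lets the holder of the server private key
        # recover the premaster secret from a capture; (EC)DHE gives forward secrecy.
        "server_key_decrypts": kex == "RSA",
    }


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record (content type 0x16) carrying a ServerHello (handshake type 0x02)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("record does not carry a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hs[0:2])[0]   # legacy_version for TLS 1.3 (real version is in an extension, not parsed here)
    pos = 2 + 32                                # skip server_random
    sid_len = hs[pos]
    pos += 1 + sid_len                          # skip session_id
    if len(hs) < pos + 3:
        raise ValueError("truncated ServerHello after session_id")
    suite = struct.unpack("!H", hs[pos:pos + 2])[0]
    result = {"version": VERSIONS.get(version, "unknown(0x%04x)" % version)}
    result.update(classify_suite(suite))
    return result


def build_server_hello(version: int, suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record for testing (sample data, not a real capture)."""
    body = (struct.pack("!H", version) + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")           # compression_method = null
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    # Constructed sample matching what the thread reports: TLSv1 with TLS_RSA_WITH_AES_256_CBC_SHA.
    for ver, suite in ((0x0301, 0x0035), (0x0303, 0xC030)):
        print(parse_server_hello(build_server_hello(ver, suite, b"\x11" * 8)))
```

Run against a real capture by feeding it the first handshake record the server sends after the ClientHello; a result with `server_key_decrypts` false means no private-key import into Wireshark or any other passive tool will decrypt that session, and only a key log from one of the endpoints would.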
@lmangani, thank you for replying. I generated the cert long back (using openssl, I guess); I can post the cert here. It is not DH, as I can see TLS_RSA_WITH_AES_256_CBC_SHA in the server hello and decrypt it using wireshark.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=**, L=**, O=**, OU=**, CN=**
Validity
Not Before: Jan 9 21:09:39 2018 GMT
Not After : Jan 9 21:09:39 2019 GMT
Subject: C=UA, ST=**, O=**, OU=**, CN=**
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cd:1e:7a:aa:b8:19:c0:af:bf:2d:56:59:85:d5:
f8:bd:16:3c:04:8a:fe:54:63:ff:3c:89:b5:a1:12:
93:49:5b:d5:a8:7d:21:c1:0d:70:c0:65:64:ad:61:
df:76:a5:8f:b4:bf:f2:bf:bc:9f:cd:bd:02:0f:9e:
86:08:e6:af:26:29:6f:c3:3a:73:ba:5f:5f:07:8e:
5e:8e:6a:3b:fb:38:18:e9:e6:bc:91:57:6a:25:62:
91:65:e0:1e:d8:ad:f0:51:c5:42:ed:4c:b7:a3:a4:
ca:61:df:1d:11:5d:ab:55:c5:5b:30:09:e5:f4:2b:
1b:5c:00:1a:74:96:47:44:52:21:b4:2a:23:72:74:
c6:57:72:d1:97:b7:8e:41:3f:d2:c8:b2:bb:68:9a:
ca:47:bd:46:5b:99:9c:ce:1b:08:6e:16:ec:09:06:
71:a7:91:72:f9:79:38:e2:68:01:a4:9a:1a:e5:0d:
8a:b7:7d:eb:e1:6f:65:f4:7f:4c:82:43:80:4e:7b:
03:e3:65:f1:af:64:08:54:ab:43:6e:83:cb:b3:ea:
ef:ad:9c:e8:43:d1:da:7a:7d:91:97:ee:a3:e8:95:
73:d2:d4:69:4c:30:ab:ae:69:d1:a1:6c:17:e7:32:
1d:ea:10:a7:f9:2a:fd:f3:b4:b7:ca:3b:19:9b:63:
be:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
90:0F:FC:AF:B9:0E:19:24:C7:7C:9C:AE:A2:8C:13:0C:13:65:7A:D7
X509v3 Authority Key Identifier:
keyid:AB:29:CD:B5:AA:F0:41:3B:EB:E1:3B:EA:21:15:94:24:E2:FE:39:$
Signature Algorithm: sha256WithRSAEncryption
2c:a1:32:60:8e:4b:2d:1a:e3:b8:c9:ae:05:c8:eb:ab:62:61:
1c:fb:94:37:0b:e1:5d:3f:93:20:e2:21:52:10:e1:18:63:5b:
8a:c3:dd:1c:51:db:36:78:3b:8d:43:52:82:51:01:ea:a2:d1:
58:f7:b1:43:20:6b:ab:8b:2f:e0:77:4e:f2:a2:74:ef:72:c7:
c4:7c:80:4b:64:26:99:42:32:64:6f:4e:6b:0d:68:fd:a8:7e:
66:e6:17:85:99:cb:b8:b1:b9:e6:99:86:37:05:29:99:2a:89:
f6:d0:98:88:2d:27:cc:d1:1b:9a:87:8c:5e:19:dd:39:e9:9e:
99:bc:7c:15:08:4a:00:68:44:16:7d:74:76:ce:06:0d:81:5a:
96:c7:89:c3:ec:50:11:f3:ca:40:12:be:70:13:38:08:99:bb:
2e:26:1e:51:b2:27:2d:a9:78:40:1a:5b:0a:23:ef:96:13:70:
f7:50:04:7a:2b:9a:71:ed:52:5e:3a:d0:c7:18:9e:b2:4f:59:
ca:f7:8b:49:dc:24:a4:05:30:46:07:53:4f:3e:b6:fd:42:39:
fb:36:58:e5:b7:aa:66:30:6e:41:1b:4e:08:f7:05:45:c9:4a:
24:ac:7a:5d:c7:1b:8c:8c:0f:c0:6a:c2:ae:7e:40:a6:96:64:
ca:54:b2:d8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
My Captagent configs:
captagent.xml
<?xml version="1.0"?>
<document type="captagent/xml">
  <configuration name="core.conf" description="CORE Settings" serial="2014024212">
    <settings>
      <param name="debug" value="10"/>
      <param name="version" value="2"/>
      <param name="serial" value="2014056501"/>
      <param name="uuid" value="00781a4a-5b69-11e4-9522-bb79a8fcf0f3"/>
      <param name="daemon" value="false"/>
      <param name="syslog" value="false"/>
      <param name="pid_file" value="/var/run/captagent.pid"/>
      <!-- Configure using installation path if different from default -->
      <param name="module_path" value="/usr/local/captagent/lib/captagent/modules"/>
      <param name="config_path" value="/usr/local/captagent/etc/captagent/"/>
      <param name="capture_plans_path" value="/usr/local/captagent/etc/captagent/captureplans"/>
      <param name="backup" value="/usr/local/captagent/etc/captagent/backup"/>
      <param name="chroot" value="/usr/local/captagent/etc/captagent"/>
    </settings>
  </configuration>
  <configuration name="modules.conf" description="Modules">
    <modules>
      <load module="transport_hep" register="local"/>
      <load module="protocol_sip" register="local"/>
      <load module="database_hash" register="local"/>
      <load module="protocol_rtcp" register="local"/>
      <load module="protocol_tcp" register="local"/>
      <load module="socket_pcap" register="local"/>
      <!-- NOTE: Block required for RTCPXR socket + RTCPXR protocol -->
      <!--
      <load module="protocol_rtcpxr" register="local"/>
      <load module="socket_collector" register="local"/>
      -->
      <!--
      <load module="socket_tzsp" register="local"/>
      <load module="protocol_ss7" register="local"/>
      <load module="protocol_tcp" register="local"/>
      <load module="output_json" register="local"/>
      <load module="protocol_rtcp" register="local"/>
      <load module="interface_http" register="local"/>
      <load module="database_redis" register="local"/>
      <load module="socket_pfring" register="local"/>
      -->
    </modules>
  </configuration>
</document>
socket_pcap.xml
<?xml version="1.0"?>
<document type="captagent_module/xml">
  <module name="socket_pcap" description="HEP Socket" serial="2014010402">
    <profile name="socketspcap_sip" description="HEP Socket" enable="true" serial="2014010402">
      <settings>
        <param name="dev" value="any"/>
        <param name="promisc" value="true"/>
        <param name="reasm" value="false"/>
        <param name="tcpdefrag" value="false"/>
        <param name="capture-plan" value="sip_capture_plan.cfg"/>
        <param name="filter">
          <value>port 5060</value>
        </param>
      </settings>
    </profile>
    <profile name="socketspcap_tls" description="TLS Socket" enable="true" serial="2014010402">
      <settings>
        <param name="dev" value="any"/>
        <param name="promisc" value="true"/>
        <param name="reasm" value="false"/>
        <param name="tcpdefrag" value="true"/>
        <param name="capture-plan" value="tcp_capture_plan.cfg"/>
        <param name="filter">
          <value>tcp port 5061</value>
        </param>
      </settings>
    </profile>
    <profile name="socketspcap_rtcp" description="RTCP Socket" enable="true" serial="2014010402">
      <settings>
        <param name="dev" value="any"/>
        <param name="promisc" value="true"/>
        <param name="reasm" value="false"/>
        <!-- size in MB -->
        <param name="ring-buffer" value="20"/>
        <!-- for rtp && rtcp < 250 -->
        <param name="snap-len" value="256"/>
        <param name="capture-filter" value="rtcp"/>
        <param name="capture-plan" value="rtcp_capture_plan.cfg"/>
        <param name="filter">
          <value>portrange 10000-30000 and len >=50</value>
        </param>
      </settings>
    </profile>
  </module>
</document>
Apart from the above, I changed the path of the private key in transport_tcp.xml and changed the IP address of the capture host in transport_hep.xml.
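When a capture agent forwards plain SIP but not TLS, the first thing to rule out is a profile mismatch between the modules loaded and the socket profile that is supposed to see port 5061. The script below is an added example (not captagent's own tooling and not posted by anyone in this thread); it parses the two configuration files shown above with the standard library and cross-checks the enabled TLS profile against the SIP-TLS port the server actually listens on. The XML is embedded inline as constructed sample input copied from the configuration above; the checks it applies (filter names the expected port, `tcpdefrag` enabled so records spanning TCP segments are reassembled, `transport_hep` and `protocol_tcp` loaded) are this example's own assumptions about what a working TLS profile needs, based on the wiki setup this thread refers to.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the captagent.xml modules block from the thread (comments are
# ignored by the XML parser, so only the active <load> lines count).
CAPTAGENT_XML = """<?xml version="1.0"?>
<document type="captagent/xml">
  <configuration name="modules.conf" description="Modules">
    <modules>
      <load module="transport_hep" register="local"/>
      <load module="protocol_sip" register="local"/>
      <load module="database_hash" register="local"/>
      <load module="protocol_rtcp" register="local"/>
      <load module="protocol_tcp" register="local"/>
      <load module="socket_pcap" register="local"/>
      <!-- <load module="output_json" register="local"/> -->
    </modules>
  </configuration>
</document>"""

# Constructed sample input: the socket_pcap.xml TLS profile from the thread.
SOCKET_PCAP_XML = """<?xml version="1.0"?>
<document type="captagent_module/xml">
  <module name="socket_pcap" description="HEP Socket" serial="2014010402">
    <profile name="socketspcap_tls" description="TLS Socket" enable="true" serial="2014010402">
      <settings>
        <param name="dev" value="any"/>
        <param name="tcpdefrag" value="true"/>
        <param name="capture-plan" value="tcp_capture_plan.cfg"/>
        <param name="filter"><value>tcp port 5061</value></param>
      </settings>
    </profile>
  </module>
</document>"""


def loaded_modules(xml_text: str) -> list:
    """Names of modules actively loaded (commented-out <load> lines never reach the parser)."""
    root = ET.fromstring(xml_text)
    return [el.get("module") for el in root.iter("load")]


def enabled_profiles(xml_text: str) -> dict:
    """Map enabled profile name -> its settings; a 'filter' param's text <value> becomes a string."""
    root = ET.fromstring(xml_text)
    profiles = {}
    for prof in root.iter("profile"):
        if prof.get("enable", "false").lower() != "true":
            continue
        settings = {}
        for param in prof.iter("param"):
            if param.get("value") is not None:
                settings[param.get("name")] = param.get("value")
            else:
                settings[param.get("name")] = " ".join((param.findtext("value") or "").split())
        profiles[prof.get("name")] = settings
    return profiles


def check_tls_profile(modules: list, profiles: dict, expected_port: int,
                      profile_name: str = "socketspcap_tls") -> list:
    """Return a list of findings (empty means the TLS profile looks consistent)."""
    findings = []
    for needed in ("transport_hep", "protocol_tcp", "socket_pcap"):
        if needed not in modules:
            findings.append("module %s is not loaded" % needed)
    prof = profiles.get(profile_name)
    if prof is None:
        return findings + ["profile %s is missing or disabled" % profile_name]
    ports = [int(p) for p in re.findall(r"\bport\s+(\d+)", prof.get("filter", ""))]
    if expected_port not in ports:
        findings.append("filter %r does not select port %d" % (prof.get("filter"), expected_port))
    if prof.get("tcpdefrag", "false").lower() != "true":
        findings.append("tcpdefrag is not enabled; TLS records split across TCP segments would be dropped")
    if not prof.get("capture-plan"):
        findings.append("no capture-plan configured for the TLS profile")
    return findings


if __name__ == "__main__":
    mods = loaded_modules(CAPTAGENT_XML)
    profs = enabled_profiles(SOCKET_PCAP_XML)
    print("loaded modules:", mods)
    print("findings for 5061:", check_tls_profile(mods, profs, 5061))
    print("findings for 5062:", check_tls_profile(mods, profs, 5062))
```

Point the two constants at the real files (or read them from disk) and pass the port from the SIP server's TLS listener; an empty findings list narrows the problem to the transport_tcp private-key side rather than the pcap socket.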
@kYroL01 Thank you very much, that would be of great help.
Hello, I was trying to use the TLS support for Captagent but could not get it to work. I followed the Wiki page for TLS on this repo for installation and configuration. These were the logs produced while Captagent started:
I do not see any packets going to the Homer server. However, SIP without TLS works well. Please help me in correcting this issue. Thank you.