Discussion:
[SR-Users] Plz help: MSILO on TLS + cert based client auth enabled server
Marc M.
2014-06-24 12:03:04 UTC
Hi,

I have a SIP server with TLS + client certificate based authentication.
The server is listening for SIP (UDP) on port 5060, and for SIPS (TLS) on port 5061.
The client certificate based authentication is enforced on port 5061.
I would like to fire up MSILO and face now a strange problem:

At each REGISTER, the stored messages get dumped.
Dumped messages get sent to the clients from senders logged in over port 5060(UDP) as SIP:xxxxxxxxx-***@public.gmane.org

however

Dumped messages are NOT sent to clients from senders logged in on port 5061(TLS) as SIPS:xxxxxxxx-***@public.gmane.org

It looks like the messages get dumped so m_dump() is working, but they will never enter the route.
I would assume TLS is stopping the dumped messages from entering the route logic.

I would either
1. somehow force m_dump() to pipe the messages over SIP(and not SIPS), or
2. disable client auth for messages received from local IP


Can you help me how to proceed? What would be the correct approach?
Can you help me with either 1 or 2.

Your help is greatly appreciated!!!

Marc
Daniel-Constantin Mierla
2014-07-29 12:15:37 UTC
Hello,

the typical way a dumped message is routed:

- from msilo it is sent back to the same instance of kamailio via udp
- kamailio receives it and does lookup("location") to figure out where to send it

Be sure that you allow looped requests without authentication.
Eventually you can run kamailio with debug=3 and watch the messages in
the syslog for more details.

Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
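
The looped-request exemption described in the reply above, sketched as a Kamailio routing block. This is an added example, not configuration posted in the thread; the route name DELIVER and the reply texts are assumptions, and it presumes the client certificate is checked in the script with is_peer_verified() from the tls module.

```kamailio
# Added example, not from the thread. Route name DELIVER is hypothetical.
# Assumes the tls, registrar, msilo, textops, tm, sl and xlog modules are loaded.
request_route {
    # Stored MESSAGEs replayed by m_dump() come back to this same instance
    # over UDP, so they cannot carry a client certificate. Exempt only that
    # narrow case: MESSAGE + UDP + source address is one of our own.
    # "src_ip == myself" over UDP is only trustworthy if the network edge
    # drops outside packets that claim the server's own address.
    if (is_method("MESSAGE") && proto == UDP && src_ip == myself) {
        xlog("L_INFO", "looped msilo MESSAGE for $ru from $si:$sp\n");
        route(DELIVER);
        exit;
    }

    # Everything arriving on the TLS listener still needs a verified
    # client certificate.
    if (proto == TLS && !is_peer_verified()) {
        sl_send_reply("403", "Client certificate required");
        exit;
    }

    if (is_method("REGISTER")) {
        if (!save("location")) {
            sl_reply_error();
            exit;
        }
        m_dump();   # replay stored messages for the user who just registered
        exit;
    }

    route(DELIVER);
}

route[DELIVER] {
    # Resolve the registered contact and relay statefully.
    if (!lookup("location")) {
        sl_send_reply("404", "Not Found");
        exit;
    }
    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}
```

Running with debug=3, as suggested in the reply, shows whether the looped MESSAGE reaches the xlog line or is rejected earlier.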