TLS is a security layer on top of TCP, so apparently tcp has to be
specified as a listening transport layer to make tls work. Starting with
v3.0.0, tls code is in a module, so the core might not initialize tcp if
it does not have afferent sockets. Not sure what it would take to make it
work with tls-only sockets - but there is definitely no impact on resources,
because the worker processes are the same for tcp and tls.
You can forbid tcp traffic from the config file:
    # reject requests received over plain TCP (TLS traffic has proto TLS)
    if(proto==TCP) {
        send_reply("403", "Not allowed");
        exit;
    }
Cheers,
Daniel
On 11/5/12 11:18 AM, Ramazan Yilmaz wrote:
Keeping listen=tls...., I also included "listen=tcp:127.0.0.1:5060".
On restart it says,
Listening on
tcp: 127.0.0.1:5060
tls: XX.XX.XX.XX [XX.XX.XX.XX]:5061
Aliases:
*: XX.XX.XX.XX:*
kamailio started.
And now kamctl ps gives,
Process:: ID=0 PID=931 Type=attendant
Process:: ID=1 PID=933 Type=slow timer
Process:: ID=2 PID=934 Type=timer
Process:: ID=3 PID=935 Type=MI FIFO
Process:: ID=4 PID=936 Type=ctl handler
Process:: ID=5 PID=937 Type=MI DATAGRAM
Process:: ID=6 PID=938 Type=TIMER NH
Process:: ID=7 PID=939 Type=tcp receiver (generic) child=0
Process:: ID=8 PID=940 Type=tcp receiver (generic) child=1
Process:: ID=9 PID=941 Type=tcp receiver (generic) child=2
Process:: ID=10 PID=942 Type=tcp receiver (generic) child=3
Process:: ID=11 PID=943 Type=tcp main process
And, now I can register to kamailio :) No error is written in syslog.
An interesting workaround...
Is this normal? i.e. is listening on a tcp port mandatory?
On Mon, Nov 5, 2012 at 12:03 PM, Daniel-Constantin Mierla
<mico...@gmail.com> wrote:
Hello,
can you put also:
listen=tcp:127.0.0.1:5060
?
Cheers,
Daniel
On Mon, Nov 5, 2012 at 9:31 AM, Ramazan Yilmaz
<ramazan...@gmail.com> wrote:
Any idea?
I have shared my tls configuration with you in my previous
post, and as I said, that configuration works with kamailio
3.2.4. After a silence of 4 days, do you confirm that it is a
bug? If so, how can it be solved? Any suggestions?
On Thu, Nov 1, 2012 at 4:23 PM, Ramazan Yilmaz
<ramazan...@gmail.com> wrote:
In my kamailio configuration, I already have "#!define
WITH_TLS". And some more about my configuration:
listen=tls:XX.XX.XXX.XX:5061
#!ifdef WITH_TLS
enable_tls=yes
#!endif
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/kamailio-3.3/etc/kamailio/tls.cfg")
#!endif
And my tls.cfg is,
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /usr/local/kamailio-3.3/etc/kamailio/kamailio.key
certificate = /usr/local/kamailio-3.3/etc/kamailio/kamailio.pem
[client:default]
verify_certificate = yes
require_certificate = yes
I have just installed kamailio 3.2.4 on some other server
to see whether the problem is with my configuration/my
system or with the kamailio release. I again installed Ubuntu,
and I installed the requested packages via apt-get, as I
had done on the problematic system. I used exactly the same
configuration file, except for changing the domain/ip values.
And it worked. Then I used the same configuration file on
some other versions of Ubuntu server, and it worked again.
So, it really seems like a bug in kamailio.
It seems the worker children cannot be forked for some
reason at startup, so I enabled the WITH_DEBUG directive and
restarted kamailio. The output is attached to this
mail. I hope it helps.
Best,
--
Daniel-Constantin Mierla
http://www.asipto.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
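
An added example, not part of the original thread: a small Python check that the workaround discussed above (a tcp listener on loopback so the core initializes TCP, next to the real tls listener) does not leave a plaintext listener reachable from outside. The function names are hypothetical, and 192.0.2.10 is a documentation address standing in for the masked XX.XX.XX.XX.

```python
import ipaddress
import re

# Constructed sample: the two listen lines from the thread (192.0.2.10 stands
# in for the masked public address) plus one exposed TCP listener.
SAMPLE_CFG = """\
#!define WITH_TLS
listen=tls:192.0.2.10:5061
listen=tcp:127.0.0.1:5060
# listen=udp:192.0.2.10:5060
listen=tcp:192.0.2.10:5060
"""

LISTEN_RE = re.compile(
    r"^\s*listen\s*=\s*(?:(udp|tcp|tls|sctp):)?(\[[^\]]+\]|[^\s:#]+)(?::(\d+))?",
    re.IGNORECASE,
)

def parse_listeners(cfg_text):
    """Return (proto, host, port) for every active listen= line."""
    listeners = []
    for line in cfg_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            proto = (m.group(1) or "any").lower()  # no prefix: not limited to tls
            listeners.append((proto, m.group(2), m.group(3) or "default"))
    return listeners

def is_loopback(host):
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # host or interface name: assume it is reachable

def audit(cfg_text):
    """List findings for a deployment that should accept SIP over TLS only."""
    listeners = parse_listeners(cfg_text)
    findings = []
    if not any(proto == "tls" for proto, _, _ in listeners):
        findings.append("no tls listener defined")
    for proto, host, port in listeners:
        if proto != "tls" and not is_loopback(host):
            findings.append(f"plaintext {proto} listener on {host}:{port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```

With only the two listen lines from the thread the audit returns no findings; the extra non-loopback tcp line in the sample is what gets reported.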