minisip-OpenSER registration problem

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

minisip-OpenSER registration problem

Pjothi

Dear all,

 

The scenario is, I want to register minisip client(SUSE Linux 10) with OpenSER (Suse Linux 10) in a LAN scenario for a demo.

 

I compiled & installed OpenSER with TLS support and I can start OpenSER and it listens on the following address 192.168.0.4:5061. I created a CA cert, server certificate and a client certificate with the scripts provided by OpenSER. I ported the client certificate, private key and ca list to minisip running machine ( 192.168.0.3) and then loaded in the client. The user I created in OpenSER using openserctl is user2 and I can check out the user in MySQL table.

 

Minisip GUI configuration:

 

Configuring the user: user2 in minisip, I set the network port to: 5061

Certificate settings: I loaded the certificate, private key and ca_list u

I enable TLS(5061), TCP(5060)

 

Problem: When I start minisip, after starting OpenSER, I get the following error. I have also pasted the OpenSER.cfg file below the error. In the minisip status, it also shows the client is still unregistered. Any suggestions/help in this regard is greatly appreciated.

 

MINISIP ERROR:

 

linux:/home/user1/minisip # minisip
Starting MiniSIP ... welcome!
Initializing NetUtil
Creating SipSoftPhoneConfiguration
init 1/9: Creating timeout provider
init 2/9: Creating GUI
Creating GTK GUI
(minisip:5575): gtkmm-WARNING **: gtkmm: Attempt to call Gtk::manage() on a Gtk::Window, but a Gtk::Window has no parent container to manage its lifetime.
Minisip: gtk 1
Minisip: gtk 2
Setting contact db
Thread 2 running - doing initParseConfig
init 3/9: Parsing configuration file ()
config file version checked ok!
SipIdentity::SipIdentity : cretated identity id=1
SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
SipIdentity::setSipProxy: autodetect is false; userUri= [hidden email] ; transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
SipProxy:setProxy(str) : addr = 192.168.0.4
SipIdentity::setProxy: manual sipproxy success ...
SipIdentity::setProxy: else ...
Identities:
identity=1; username=user2; domain= 192.168.0.4 proxy=[proxyString=192.168.0.4 ; proxyString=192.168.0.4 ; port=5061; transport=TLS; autodetect=no; user=user2; password=user2; expires=1000]; isRegistered=0
init 4/9: Creating IP provider
SimpleIPProvider: localIp =
SimpleIPProvider: checking interface = lo with IP= 127.0.0.1
SimpleIPProvider: checking interface = eth0 with IP= 192.168.0.3
SimpleIPProvider: using localIP = 192.168.0.3
init 5/9: Creating MediaHandler
Sound I/O: using Spatial Audio Mixer
Adding audio codec: G.711
init 6/9: Creating MSip SIP stack
init 7/9: Connecting GUI to SIP logic
init 8.2/9: Starting TCP transport worker thread
init 9/9: Registering Identities to registrar server
Registering user [hidden email] to proxy 192.168.0.4 , requesting domain 192.168.0.4
SipMessageTransport: sendMessage: creating new socket
Creating new SSL_CTX
SSL: connect failed
SipMessageTransport: sendMessage: exception thrown!
SipMessageTransport: sendMessage: creating new socket
SSL: connect failed
SipMessageTransport: sendMessage: exception thrown!
SipMessageTransport: sendMessage: exception thrown!
SipIdentity::SipIdentity : cretated identity id=2
SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
SipIdentity::setSipProxy: autodetect is false; userUri= [hidden email] ; transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
SipProxy:setProxy(str) : addr = 192.168.0.4
SipIdentity::setProxy: manual sipproxy success ...
SipIdentity::setProxy: else ...
Sound I/O: using Spatial Audio Mixer
Adding audio codec: G.711
SipIdentity::SipIdentity : cretated identity id=3
SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
SipIdentity::setSipProxy: autodetect is false; userUri= [hidden email] ; transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
SipProxy:setProxy(str) : addr = 192.168.0.4
SipIdentity::setProxy: manual sipproxy success ...
SipIdentity::setProxy: else ...
Sound I/O: using Spatial Audio Mixer
Adding audio codec: G.711
SipIdentity::SipIdentity : cretated identity id=4
SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
SipIdentity::setSipProxy: autodetect is false; userUri= [hidden email] ; transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
SipProxy:setProxy(str) : addr = 192.168.0.4
SipIdentity::setProxy: manual sipproxy success ...
SipIdentity::setProxy: else ...
Sound I/O: using Spatial Audio Mixer
Adding audio codec: G.711
 

OpenSER.cfg

 

# $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $

#

# simple quick-start config script

#

 

# ----------- global configuration parameters ------------------------

 

debug=3            # debug level (cmd line: -dddddddddd)

fork=yes

log_stderror=no     # (cmd line: -E)

 

/* Uncomment these lines to enter debugging mode

fork=yes

log_stderror=yes

*/

 

check_via=no      # (cmd. line: -v)

dns=no          # (cmd. line: -r)

rev_dns=no      # (cmd. line: -R)

port=5060

children=4

fifo="/tmp/openser_fifo"

 

#

# uncomment the following lines for TLS support

disable_tls = 0

listen = tls: 192.168.0.4:5061

tls_verify = 1

tls_require_certificate = 0

tls_method = TLSv1

tls_certificate = "/usr/local/etc/openser/user/user- cert.pem"

tls_private_key = "/usr/local/etc/openser/user/user- privkey.pem"

tls_ca_list = "/usr/local/etc/openser/user/user- calist.pem"

#tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"

 

 

# ------------------ module loading ----------------------------------

 

# Uncomment this if you want to use SQL database

loadmodule "/usr/local/lib/openser/modules/mysql.so"

 

loadmodule "/usr/local/lib/openser/modules/sl.so"

loadmodule "/usr/local/lib/openser/modules/tm.so"

loadmodule "/usr/local/lib/openser/modules/rr.so"

loadmodule "/usr/local/lib/openser/modules/maxfwd.so"

loadmodule "/usr/local/lib/openser/modules/usrloc.so"

loadmodule "/usr/local/lib/openser/modules/registrar.so"

loadmodule "/usr/local/lib/openser/modules/textops.so"

#loadmodule "/usr/local/lib/openser/modules/uri_db.so"

# Uncomment this if you want digest authentication

# mysql.so must be loaded !

loadmodule "/usr/local/lib/openser/modules/auth.so"

loadmodule "/usr/local/lib/openser/modules/auth_db.so"

 

# ----------------- setting module-specific parameters ---------------

 

# -- usrloc params --

 

#modparam("usrloc", "db_mode",    0)

 

# Uncomment this if you want to use SQL database

# for persistent storage and comment the previous line

modparam("usrloc", "db_mode", 2)

 

# -- auth params --

# Uncomment if you are using auth module

#

modparam("auth_db", "calculate_ha1", yes)

#

# If you set "calculate_ha1" parameter to yes (which true in this config),

# uncomment also the following parameter)

#

modparam("auth_db", "password_column", "password")

 

modparam("auth_db","db_url"," mysql://openser:openserrw@localhost/openser")

# -- rr params --

# add value to ;lr param to make some broken UAs happy

modparam("rr", "enable_full_lr", 1)

 

# -------------------------   request routing logic -------------------

 

# main routing logic

 

route{

 

      # initial sanity checks -- messages with

      # max_forwards==0, or excessively long requests

      if (!mf_process_maxfwd_header("10")) {

            sl_send_reply("483","Too Many Hops");

            exit;

      };

 

      if (msg:len >=  

Reply | Threaded
Open this post in threaded view
|

Re: minisip-OpenSER registration problem

Kyle Hamilton
You're not defining any ciphers to use, given the commented-out
tls_ciphers_list line.

Try setting it to:

tls_ciphers_list = "MEDIUM:HIGH"

Check the OpenSSL documentation for more information on what values
this string can take.

-Kyle H

On 2/6/06, Pjothi <[hidden email]> wrote:

>
>
> Dear all,
>
>
>
> The scenario is, I want to register minisip client(SUSE Linux 10) with
> OpenSER (Suse Linux 10) in a LAN scenario for a demo.
>
>
>
> I compiled & installed OpenSER with TLS support and I can start OpenSER and
> it listens on the following address 192.168.0.4:5061. I created a CA cert,
> server certificate and a client certificate with the scripts provided by
> OpenSER. I ported the client certificate, private key and ca list to minisip
> running machine ( 192.168.0.3) and then loaded in the client. The user I
> created in OpenSER using openserctl is user2 and I can check out the user in
> MySQL table.
>
>
>
> Minisip GUI configuration:
>
>
>
> Configuring the user: user2 in minisip, I set the network port to: 5061
>
> Certificate settings: I loaded the certificate, private key and ca_list u
>
> I enable TLS(5061), TCP(5060)
>
>
>
> Problem: When I start minisip, after starting OpenSER, I get the following
> error. I have also pasted the OpenSER.cfg file below the error. In the
> minisip status, it also shows the client is still unregistered. Any
> suggestions/help in this regard is greatly appreciated.
>
>
>
> MINISIP ERROR:
>
>
> linux:/home/user1/minisip # minisip
> Starting MiniSIP ... welcome!
> Initializing NetUtil
> Creating SipSoftPhoneConfiguration
> init 1/9: Creating timeout provider
> init 2/9: Creating GUI
> Creating GTK GUI
> (minisip:5575): gtkmm-WARNING **: gtkmm: Attempt to call Gtk::manage() on a
> Gtk::Window, but a Gtk::Window has no parent container to manage its
> lifetime.
> Minisip: gtk 1
> Minisip: gtk 2
> Setting contact db
> Thread 2 running - doing initParseConfig
> init 3/9: Parsing configuration file ()
> config file version checked ok!
> SipIdentity::SipIdentity : cretated identity id=1
> SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
> SipIdentity::setSipProxy: autodetect is false; userUri= user2@192.168.0.4 ;
> transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
> SipProxy:setProxy(str) : addr = 192.168.0.4
> SipIdentity::setProxy: manual sipproxy success ...
> SipIdentity::setProxy: else ...
> Identities:
> identity=1; username=user2; domain= 192.168.0.4
> proxy=[proxyString=192.168.0.4 ; proxyString=192.168.0.4 ; port=5061;
> transport=TLS; autodetect=no; user=user2; password=user2; expires=1000];
> isRegistered=0
> init 4/9: Creating IP provider
> SimpleIPProvider: localIp =
> SimpleIPProvider: checking interface = lo with IP= 127.0.0.1
> SimpleIPProvider: checking interface = eth0 with IP= 192.168.0.3
> SimpleIPProvider: using localIP = 192.168.0.3
> init 5/9: Creating MediaHandler
> Sound I/O: using Spatial Audio Mixer
> Adding audio codec: G.711
> init 6/9: Creating MSip SIP stack
> init 7/9: Connecting GUI to SIP logic
> init 8.2/9: Starting TCP transport worker thread
> init 9/9: Registering Identities to registrar server
> Registering user user2@192.168.0.4 to proxy 192.168.0.4 , requesting domain
> 192.168.0.4
> SipMessageTransport: sendMessage: creating new socket
> Creating new SSL_CTX
> SSL: connect failed
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: creating new socket
> SSL: connect failed
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
> SipIdentity::SipIdentity : cretated identity id=2
> SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
> SipIdentity::setSipProxy: autodetect is false; userUri= user2@192.168.0.4 ;
> transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
> SipProxy:setProxy(str) : addr = 192.168.0.4
> SipIdentity::setProxy: manual sipproxy success ...
> SipIdentity::setProxy: else ...
> Sound I/O: using Spatial Audio Mixer
> Adding audio codec: G.711
> SipIdentity::SipIdentity : cretated identity id=3
> SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
> SipIdentity::setSipProxy: autodetect is false; userUri= user2@192.168.0.4 ;
> transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
> SipProxy:setProxy(str) : addr = 192.168.0.4
> SipIdentity::setProxy: manual sipproxy success ...
> SipIdentity::setProxy: else ...
> Sound I/O: using Spatial Audio Mixer
> Adding audio codec: G.711
> SipIdentity::SipIdentity : cretated identity id=4
> SipIdentity::setSipUri: sipUsername=<user2> sipDomain=< 192.168.0.4 >
> SipIdentity::setSipProxy: autodetect is false; userUri= user2@192.168.0.4 ;
> transport = TLS; proxyAddr=192.168.0.4 ; proxyPort=5061
> SipProxy:setProxy(str) : addr = 192.168.0.4
> SipIdentity::setProxy: manual sipproxy success ...
> SipIdentity::setProxy: else ...
> Sound I/O: using Spatial Audio Mixer
> Adding audio codec: G.711
>
>
> OpenSER.cfg
>
>
>
> # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $
>
> #
>
> # simple quick-start config script
>
> #
>
>
>
> # ----------- global configuration parameters ------------------------
>
>
>
> debug=3            # debug level (cmd line: -dddddddddd)
>
> fork=yes
>
> log_stderror=no     # (cmd line: -E)
>
>
>
> /* Uncomment these lines to enter debugging mode
>
> fork=yes
>
> log_stderror=yes
>
> */
>
>
>
> check_via=no      # (cmd. line: -v)
>
> dns=no          # (cmd. line: -r)
>
> rev_dns=no      # (cmd. line: -R)
>
> port=5060
>
> children=4
>
> fifo="/tmp/openser_fifo"
>
>
>
> #
>
> # uncomment the following lines for TLS support
>
> disable_tls = 0
>
> listen = tls: 192.168.0.4:5061
>
> tls_verify = 1
>
> tls_require_certificate = 0
>
> tls_method = TLSv1
>
> tls_certificate = "/usr/local/etc/openser/user/user-
> cert.pem"
>
> tls_private_key = "/usr/local/etc/openser/user/user-
> privkey.pem"
>
> tls_ca_list = "/usr/local/etc/openser/user/user-
> calist.pem"
>
> #tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
>
>
>
>
>
> # ------------------ module loading
> ----------------------------------
>
>
>
> # Uncomment this if you want to use SQL database
>
> loadmodule "/usr/local/lib/openser/modules/mysql.so"
>
>
>
> loadmodule "/usr/local/lib/openser/modules/sl.so"
>
> loadmodule "/usr/local/lib/openser/modules/tm.so"
>
> loadmodule "/usr/local/lib/openser/modules/rr.so"
>
> loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
>
> loadmodule "/usr/local/lib/openser/modules/usrloc.so"
>
> loadmodule "/usr/local/lib/openser/modules/registrar.so"
>
> loadmodule "/usr/local/lib/openser/modules/textops.so"
>
> #loadmodule "/usr/local/lib/openser/modules/uri_db.so"
>
> # Uncomment this if you want digest authentication
>
> # mysql.so must be loaded !
>
> loadmodule "/usr/local/lib/openser/modules/auth.so"
>
> loadmodule "/usr/local/lib/openser/modules/auth_db.so"
>
>
>
> # ----------------- setting module-specific parameters ---------------
>
>
>
> # -- usrloc params --
>
>
>
> #modparam("usrloc", "db_mode",    0)
>
>
>
> # Uncomment this if you want to use SQL database
>
> # for persistent storage and comment the previous line
>
> modparam("usrloc", "db_mode", 2)
>
>
>
> # -- auth params --
>
> # Uncomment if you are using auth module
>
> #
>
> modparam("auth_db", "calculate_ha1", yes)
>
> #
>
> # If you set "calculate_ha1" parameter to yes (which true in this config),
>
> # uncomment also the following parameter)
>
> #
>
> modparam("auth_db", "password_column", "password")
>
>
>
> modparam("auth_db","db_url","
> mysql://openser:openserrw@localhost/openser")
>
> # -- rr params --
>
> # add value to ;lr param to make some broken UAs happy
>
> modparam("rr", "enable_full_lr", 1)
>
>
>
> # -------------------------   request routing logic -------------------
>
>
>
> # main routing logic
>
>
>
> route{
>
>
>
>       # initial sanity checks -- messages with
>
>       # max_forwards==0, or excessively long requests
>
>       if (!mf_process_maxfwd_header("10")) {
>
>             sl_send_reply("483","Too Many Hops");
>
>             exit;
>
>       };
>
>
>
>       if (msg:len >=   2048 ) {
>
>             sl_send_reply("513", "Message too big");
>
>             exit;
>
>       };
>
>
>
>       # we record-route all messages -- to make sure that
>
>       # subsequent messages will go through our proxy; that's
>
>       # particularly good if upstream and downstream entities
>
>       # use different transport protocol
>
>       if (!method=="REGISTER")
>
>             record_route();
>
>
>
>       # subsequent messages withing a dialog should take the
>
>       # path determined by record-routing
>
>       if (loose_route()) {
>
>             # mark routing logic in request
>
>             append_hf("P-hint: rr-enforced\r\n");
>
>             route(1);
>
>       };
>
>
>
>       if (!uri==myself) {
>
>             # mark routing logic in request
>
>             append_hf("P-hint: outbound\r\n");
>
>             # if you have some interdomain connections via TLS
>
>             #if(uri=~"@tls_domain1.net") {
>
>             #
> t_relay_to_tls("IP_domain1","port_domain1");
>
>             #     exit;
>
>             #} else if(uri=~"@tls_domain2.net") {
>
>             #
> t_relay_to_tls("IP_domain2","port_domain2");
>
>             #     exit;
>
>             #}
>
>             route(1);
>
>       };
>
>
>
>       # if the request is for other domain use UsrLoc
>
>       # (in case, it does not work, use the following command
>
>       # with proper names and addresses in it)
>
>       if (uri==myself) {
>
>
>
>             if (method=="REGISTER") {
>
>
>
>                   # Uncomment this if you want to use digest authentication
>
>                   if (!www_authorize("192.168.0.4", "subscriber")) {
>
>                         www_challenge("192.168.0.4", "0");
>
>                         exit;
>
>                   };
>
>
>
>                   save("location");
>
>                   exit;
>
>             };
>
>
>
>             lookup("aliases");
>
>             if (!uri==myself) {
>
>                   append_hf("P-hint: outbound alias\r\n");
>
>                   route(1);
>
>             };
>
>
>
>             # native SIP destinations are handled using our USRLOC DB
>
>             if (!lookup("location")) {
>
>                   sl_send_reply("404", "Not Found");
>
>                   exit;
>
>             };
>
>             append_hf("P-hint: usrloc applied\r\n");
>
>       };
>
>
>
>       route(1);
>
> }
>
>
>
>
>
> route[1] {
>
>       # send it out now; use stateful forwarding as it works reliably
>
>       # even for UDP2TCP
>
>       if (!t_relay()) {
>
>             sl_reply_error();
>
>       };
>
>       exit;
>
> }
>
>
>
>
>
> -------------------------------------------------------------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]