TLS SIP transport generating SSL errors

<< < (2/2)

restamp:
ProfTech, I generally use FreePBX to configure my A* servers.  However, I've dabbled with TLS on servers that were too old to have native FreePBX TLS support.  Take a look here:

https://pbxinaflash.com/community/threads/questions-concerning-incredible-pbx-13-12-2-upgrade.21093/#post-129353

It may be close enough to your vanilla A* to get you started.

Good luck!

ProfTech:
Thanks. Do you know what the setting in FreePBX

Quote

While you're at it, you might as well go to Settings -> Asterisk SIP Settings -> Chan PJSIP and activate the TCP protocol as well (requires an Asterisk restart to "take").

Sets / changes? I haven't been able to find anything on how to ensble tcp from a command line...

restamp:
Under FreePBX, you'll need to go to somewhere under "Setting -> Asterisk SIP Settings".  (The actual location will vary with which version of FreePBX you are using.)

If you are configuring the conf files yourself, add TCP (and TLS) to one of the A* config files.  I'm not sure which one is appropriate since I don't configure A* manually myself, but it's probably something like pjsip.transports.conf .
The templates will look something like:

Code:

[0.0.0.0-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
external_media_address=216.189.154.187
external_signaling_address=216.189.154.187

[0.0.0.0-tcp]
type=transport
protocol=tcp
bind=0.0.0.0:5060
external_media_address=216.189.154.187
external_signaling_address=216.189.154.187

[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
ca_list_file=/etc/asterisk/keys/ca.crt
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1

You are of course aware that A* only offers the various transports it supports to the registrant and it is the latter that chooses which transport it will ultimately use.

ProfTech:
Thanks. I found the page on the Asterisk wiki with the info on how to set it up and got tls working. Now trying to confirm that tcp is correctly configured and available since sometimes udp switches to tcp for large packets. I think it is working but haven't been able to get it to dial out yet using tcp.

Navigation

[0] Message Index

[*] Previous page