Tls On Asterisk 13

Home » Asterisk Users » Tls On Asterisk 13
Asterisk Users 6 Comments

Hi list , I’m doing some tests with asterisk 13.4 and tls, and failed to make it work, all my terminals spa Cisco 5XX

look my cli

[Jul 8 11:09:16] ERROR[14733]: pjsip:0 : tlsc0x7f539801 TLS
connect() error: Connection refused [code0111]
[Jul 8 11:09:16] WARNING[14733]: pjsip:0 : tsx0x7f53a8008 Failed to send Request msg OPTIONS/cseqH024 (tdta0x7f53c000dcb0)!
err0111 (Connection refused)
[Jul 8 11:09:46] ERROR[14733]: pjsip:0 : tlsc0x7f539801 TLS
connect() error: Connection refused [code0111]
[Jul 8 11:09:46] WARNING[14733]: pjsip:0 : tsx0x7f53a8008 Failed to send Request msg OPTIONS/cseq1917 (tdta0x7f53c000dcb0)!
err0111 (Connection refused)

someone has had good results with tls

my config
[transport-tls]
type=transport protocol=tls bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt priv_key_file=/etc/asterisk/keys/asterisk.key method=tlsv1

[XXXX]
type=endpoint context=XX-Xip disallow=all allow=ulaw allow=alaw transport=transport-tls direct_media=no force_rport=yes rtp_symmetric=yes mailboxes=XXXX@default auth=XXXX
aors=XXXX
media_encryption=sdes dtmfmode=rfc4733

regardss

6 thoughts on - Tls On Asterisk 13

  • ricky gutierrez wrote:

    You probably want to add “rewrite_contact=yes” to your endpoint. This will cause it to reuse the existing connection established from the phone. Generally the port provided by the phone is not reachable.

  • 2015-07-08 13:11 GMT-06:00 Joshua Colp :
    Hi Joshua , I add the option you recommended but still can not connect, the strange thing is that I get another message always using TLS transport

    [Jul 8 14:28:45] NOTICE[2498]: res_pjsip/pjsip_distributor.c:256
    log_unidentified_request: Request from ‘”X00X”
    failed for ‘172.16.8.179:5065’ (callid:
    5ece51c0-9ed5173a@172.16.8.179) – No matching endpoint found
    <--- Transmitting SIP response (479 bytes) to TLS:172.16.8.179:5065 --->
    SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS
    172.16.8.179:5065;rportP65;received2.16.8.179;branch=z9hG4bK-27b9198a Call-ID: 5ece51c0-9ed5173a@172.16.8.179
    From: “X00X” ;tag

  • Some soft phone support TLS, but does anybody knows a soft phone that support pkcs11?
    (keys & certs stored on a smart-card)

    Hans

  • I did using acrobits groundwire on asterisk 13.7.2
    Had to add a statement in pjsip.endpointxxx I do not have it in mind but can look it up for you tomorrow.

    Sent from my iPhone