I work with Asterisk 12 and Webrtc ( is use sip.js) . When Call is answered by Chrome browser (caller is zoiper) , the call imediatelly hangup and shows error
[Aug 4 10:45:16] WARNING[30235][C-0000001f]: res_rtp_asterisk.c:1667 dtls_srtp_setup: Could not set policies when setting up DTLS-SRTP on '0x7ff22802dff0'
[Aug 4 10:45:16] WARNING[30235][C-0000001f]: res_rtp_asterisk.c:3906 ast_rtp_read: RTP Read error: Unspecified. Hanging up.
my pears is here
[1060] ; This will be WebRTC client
type=friend
username=1060 ; The Auth user for SIP.js
host=dynamic ; Allows any host to register
secret=1060 ; The SIP Password for SIP.js
encryption=yes ; Tell Asterisk to use encryption for this peer
avpf=yes ; Tell Asterisk to use AVPF for this peer
icesupport=yes ; Tell Asterisk to use ICE for this peer
context=default ; Tell Asterisk which context to use when this peer is dialing
directmedia=no ; Asterisk will relay media for this peer
transport=udp,ws ; Asterisk will allow this peer to register on UDP or WebSockets
force_avp=yes ; Force Asterisk to use avp. Introduced in Asterisk 11.11
dtlsenable=yes ; Tell Asterisk to enable DTLS for this peer
dtlsverify=no ; Tell Asterisk to not verify your DTLS certs
dtlscertfile=/etc/asterisk/keys/asterisk.pem ; Tell Asterisk where your DTLS cert file is
dtlsprivatekey=/etc/asterisk/keys/asterisk.pem ; Tell Asterisk where your DTLS private key is
dtlssetup=actpass ; Tell Asterisk to use actpass SDP parameter when setting up DTLS
[6003] ; This will be the legacy SIP client
type=friend
username=6003
host=dynamic
secret=6003
Can anybody help me?
I used srtp 1.4.2 and this is how I created the certificates for DTLS:
mkdir /etc/asterisk/keys
Enter the Asterisk scripts directory:
cd /usr/local/src/asterisk*/contrib/scripts.
Create the DTLS certificates (replace pbx.mycomany.com with your ip address or dns name, replace My Super Company with your company name):
./ast_tls_cert -C pbx.mycompany.com -O "My Super Company" -d /etc/asterisk/keys
Related
I am installing sendmail/dovecot on my mail sever.
I edited file /etc/mail/sendmail.mc
and add the below lines to make sure the domain name is used in sending mail
#add for domain email by deo malamo
define(`confDOMAIN_NAME', `desaonline.co.tz')dnl
FEATURE(`relay_entire_domain')dnl
#end add domail based email by deo malamo
i installed and Used tls/ssl from Let's Encrypt
#add for Let's Encrypt ssl by deo malamo
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`CERT_DIR', `/etc/letsencrypt/live/mail.desaonline.co.tz/')dnl
define(`confCACERT', `CERT_DIR/chain.pem')dnl
define(`confCACERT_PATH',`/etc/ssl/certs/')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/privkey.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/privkey.pem')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
#DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
#DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
#end add Let's Encrypt ssl by dmalamo
MY PROBLEM is the ports 25,465 and 587 are coming up and then shutdown because of port already in use ,Can any one assist me to fix this problem?
When i save the config (/etc/mail/sendmail.mc) and restart sendmail ,port 465 seems to be used and shutdown the whole outgoing ports 25,465 and 587.
logs file have the below entries
daemon TLSMTA: problem creating SMTP socket
Feb 9 13:26:43 mail sm-mta[20646]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon TLSMTA: cannot bind: Address already in use
NOQUEUE: SYSERR(root): opendaemonsocket: daemon TLSMTA: cannot bind: Address already in use
daemon TLSMTA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon TLSMTA: server SMTP socket wedged: exiting
MY PROBLEM is the ports 25,465 and 587 are coming up and then shutdown because of port already in use ,Can any one assist me to fix this problem?
Short list to check...
1st) have You compiled sendmail.mc into sendmail.cf ?
2nd) TLSMTA: cannot bind: Address already in use... means that one process already use this port (smtps: 465),
- check who is using port (e.g. "netstat -lntp|grep 465")
- and stop this, sometimes port can be in use by connection, maybe instead restart You should: stop, wait few sec./minutes and then start sendmail
- "netstat -lntp|grep sendmail" can be usefull to see sendmail's listening ports
- before start be sure that ports are not occupied (not in use)
- problem may also be in SELINUX (investigate how to allow program to use ports)
Regards
K.
I've recently spun up a new Zabbix 3.0 instance on Ubuntu 16.04 using Php 7.0 and I am running into a lot of issues trying to get it to e-mail the Zabbix administrators. We are trying to use Amazon SES to send out the e-mails. For our setup, we have a usename & password that was generated by SES we are using port 587 with SSL/TLS connection. I've made sure that the alert is enabled and that the E-mail media type was enabled as well. I've also double checked the Zabbix is compiled with SMTP & TLS support. I've also verified that the Zabbix server can get to the Amazon SMTP endpoint on port 587. From the messages it seems to be some form of a communication issue, but everything I've tried isn't really getting me anywhere.
SSL connect error: Encountered end of file
26163:20170515:131115.744 * NSS error -5938 (PR_END_OF_FILE_ERROR)
26163:20170515:131115.744 * Encountered end of file
26163:20170515:131115.744 * Closing connection 0
26163:20170515:131115.744 SSL connect error: Encountered end of file
26163:20170515:131115.744 End of send_email():FAIL
26163:20170515:131115.744 End of execute_action():FAIL
26163:20170515:131115.744 error sending alert ID [812]
26163:20170515:131115.744 query without transaction detected
26163:20170515:131115.744 query [txnlev:0] [update alerts set
retries=1,error='SSL connect error: Encountered end of file' where
alertid=812]
26163:20170515:131115.746 In execute_action(): alertid [813] mediatype [0]
26163:20170515:131115.746 In send_email() smtp_server:'email-smtp.us-east-
1.amazonaws.com' smtp_port:587 smtp_security:2 smtp_authentication:1
26163:20170515:131115.750 * Trying 54.235.77.145...
26163:20170515:131115.752 * Connected to email-smtp.us-east-1.amazonaws.com
(54.235.77.145) port 587 (#0)
26163:20170515:131115.752 * WARNING: failed to load NSS PEM library
libnsspem.so. Using OpenSSL PEM certificates will not work.
26166:20170515:131115.761 __zbx_zbx_setproctitle() title:'http poller #1
[got 0 values in 0.000736 sec, getting values]'
26166:20170515:131115.761 In process_httptests()
26166:20170515:131115.761 query [txnlev:0] [select h.hostid,h.host,h.name,t.httptestid,t.name,t.variables,t.headers,t.agent,t.authentication,t.http_user,t.http_password,t.http_proxy,t.retries,t.ssl_cert_file,t.ssl_key_file,t.ssl_key_password,t.verify_peer,t.verify_host from httptest t,hosts h where t.hostid=h.hostid and t.nextcheck<=1494868275 and mod(t.httptestid,1)=0 and t.status=0 and h.proxy_hostid is null and h.status=0 and (h.maintenance_status=0 or h.maintenance_type=0)]
26166:20170515:131115.762 End of process_httptests()
26166:20170515:131115.762 query [txnlev:0] [select min(t.nextcheck) from httptest t,hosts h where t.hostid=h.hostid and mod(t.httptestid,1)=0 and t.status=0 and h.proxy_hostid is null and h.status=0 and (h.maintenance_status=0 or h.maintenance_type=0)]
26166:20170515:131115.762 No httptests to process in get_minnextcheck.
Just for reference, I do have Zabbix running off of HTTPS. To get that configured I just made a change to the Apache sites-enabled default file to point to the certificate on the local machine. They are signed certificates. I had also installed the most recent openssl package
Has anyone ran into this issue before or know of what might be happening?
Any help would be appreciated!
Thanks :)
587 is STARTTLS, use 465 for SSL/TSL (don't forget to configure security group):
You may have problems with email/email domain verification. Be sure that's OK.
Im trying to setup voip exchange using asterisk ans CSipSimple as client, fol are the detials
Server Side:
Generate certificates for server and two clients
Place the server cert in /etc/asterisk/keys/
sip.conf:
[general]
context=local
allowguest=no
alwaysauthreject=yes
allow=gsm
allow=ulaw
allow=alaw
directmedia=yes
allowoverlap=no
bindport=5061
tlsdontverifyserver=yes
tlsenable=yes
tlsbindaddr=192.168.0.119
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscapath=/etc/asterisk/keys
register => tls://john:password#192.168.0.119:5061
register => tls://jane:password#192.168.0.119:5061
tlscipher=ALL
tlsclientmethod=tlsv1
localnet=192.168.0.119/255.255.255.0
[john]
type=peer
defaultuser=john
secret=password
dtmfmode=rfc2833
callerid="User one"
host=dynamic
canreinvite=no
nat=no
encryption=yes
transport=tls
[jane]
type=peer
defaultuser=jane
secret=password
dtmfmode=rfc2833
callerid="User two"
host=dynamic
canreinvite=no
nat=no
encryption=yes
transport=tls
Client Side:
setup the TLS setting in OSTN account
udp enabled tcp enabled
srtp disabled
zrtp create zrtp
codes => GSM,ulaw,alw
Problem
TLS +zRTP displayed and the call is made
instead on the asterisk CLI i see a messsage,
WARNING[5008][C-00000034]: chan_sip.c:10433 process_sdp: Matched
device setup to use SRTP, but request was not!
im using android 4.2.2 asterisk 1.8, if i make srtp mandatory and zRTP => create zrtp the call is made indicating TLS to the immediate hop + srtp
How can i achieve TLS +ZRTP on asterisk using CSipSimple as client.
Regards.
ZRTP is a protocol for end-to-end devices encryption and this cannot be achieved with the standard unmodified Asterisk since it is basically designed as a server not as a proxy (which is what you need in order to achieve zrtp forwarding). However, The Zfgone project has released some patches for Asterisk to support it. The implementation is quite a challenge since some problems may occurs on the go (for example, sound distortion caused by some codecs) due some bugs on asterisk and it also implies some feature limitations (like not being able to transfer or put a call on hold). But you can use SRTP (it also encrypts traffic but only between server and client)
If you want to use zrtp, I will recommend you to use a kamailio sip server.
I have defined an ip address / domain in sip.conf and defined it in a way that I forced the call to come on g729
Now I reloaded the asterisk after exiting sip.conf by saving it
and called the number by making thu debug on .. expecting the call to be on g729 but the call comes only on pcmu or pcma (ulaw / alaw)
any ideas?
my sip.conf
[IP]
host = IP
type = peer
port = 8060
disallow = all
allow = g729
canreinvite = no
Very likly it use other section.
Do following:
asterisk -r
core set verbose 5
sip set debug on
and check output.
Am following these tutorials to enable Apple Push Notification Server to send Notifications to device.
http://www.raywenderlich.com/3525/apple-push-notification-services-tutorial-part-2
From this tutorial I downloaded MAMP and "created the database to store the users details" and also I have "downloaded the PushChatServer folder from the tutorial". I stored the UDID, Device Token (from APNS), Name, Code in the database. Now I want to send Push Notifications from my localhost.
I am keeping the .pem file, push.php, push-confi.php on my desktop. From the tutorial this part I don't understand:
In the PushChatServer directory there is a push folder that contains the PHP scripts you need to send out push requests. You should put these files in a directory on the server that is not accessible from the web, in other words outside of your DocumentRoot. This is important because you don’t want visitors to your website to download your private key! (In our MAMP setup, this is already taken care of.)
The most important script in the push folder is push.php. This script should be run as a background process on your server. Every few seconds it checks if there are new push notifications to be sent out. If so, it sends them to the Apple Push Notification Service.
First, we need to edit the file push_config.php, which contains the configuration options for push.php. You may need to change the passphrase for the private key and possibly the database password.
As with the server API, the push script can run in either development mode or production mode. In development mode, it talks to the APNS sandbox server and it uses your development SSL certificate. You should use development mode in combination with Debug builds of your app. Production mode should be used for Ad Hoc and App Store builds of your app.
Where I want to keep my Push folder in my Mac. How can I check the APNS connection?
I placed the Push folder(Which is contains the Push.php) in my directory to read from Terminal. And also I pasted the Application folder in my directory.
Tutorial said to use this command in Terminal
$ /Applications/MAMP/bin/php5.2/bin/php push.php development
But, in MAMP I have this path
/Users/creagx/Applications/MAMP/bin/php/php5.5.17/bin/php
Where I need to place the Push folder and MAMP.
I kept my .pem files and push.php files in this path: /Users/gopi/Desktop/APNSsample/push.php
Then I have tried to connect my .pem (SSL) to APNS using Terminal app like this
unknownc42c032e8297:~ name$ cd /Users/creagx/Desktop/APNSsample
unknownc42c032e8297:APNSsample name$ telnet gateway.sandbox.push.apple.com 2195
Trying 17.149.34.66...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
^C
Connection closed by foreign host.
unknownc42c032e8297:APNSsample name$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert NameAPNCert.pem -key NameAPNKey.pem
Enter pass phrase for NameAPNKey.pem:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.sandbox.push.apple.com
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIESyDhfjANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMDA0MTMyMzM0MzNaFw0xMjA1MzEw
MDA0MjdaMIGPMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAG
A1UEBxMJQ3VwZXJ0aW5vMRIwEAYDVQQKEwlBcHBsZSBJbmMxGjAYBgNVBAsTEUlu
dGVybmV0IFNlcnZpY2VzMScwJQYDVQQDEx5nYXRld2F5LnNhbmRib3gucHVzaC5h
cHBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM5NngiDMFpGBMmb
8tG2MRhLEdsx553Xjq+5C/c0mtildwhnC1X0LWKUexWdQsMchniac+WnHFSs3YMJ
JJ55kQSB6wqK/WNcxsUn8pMkMsvk3YZFM7TsaKQvFOeieiXCSJVlR3grm3+dilv1
Br+SUqv8JrgU3ijmoQO63vkb8B/hAgMBAAGjggEnMIIBIzALBgNVHQ8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSG
Imh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxYy5jcmwwMwYIKwYBBQUHAQEE
JzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDBABgNVHSAE
OTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1
c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJDwEzd+4Ueu4ZfJMoTTAdBgNV
HQ4EFgQUNyg/64Sjw/+b4YOwC8E/c+jemRgwCQYDVR0TBAIwADANBgkqhkiG9w0B
AQUFAAOCAQEAk9Ij+NCp+323+4vBqbA0fT9ZCROptPqNIshY5uEvaWUaW5hsoLUm
fsMJMueqzDaoj4yPD8iCCZq1Mp8tM8WB2mG1zIxTLshlhRgDDUF11IbUUBHv/ZhU
RzXewQD6pazQmsBPuR0vP3mmWbKqmZOiv2yWSGlQmWGW4m6RQwjYYj8UqqFEdinV
g1+qY6/muTpaCiygDjJZBlv9P6bwwP9FB8OJf5tGECvvxXad3PK/oiI77aLTYSVr
SA0oisXCiqcgTKQq5BV5M3fQQ4ZS73aBKLI0wPYc0AASD5WdtPTGTvmEbhO4KeaU
0SL85Prf8uSsDOLvn3656awLz/H/yzrf/g==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
No client certificate CA names sent
---
SSL handshake has read 2549 bytes and written 2017 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 729CC0899B36143DAC78D40B2C31ECB71C81A3BD8DC5CFD6D71AC7885DD2E63DCD47096E97A1B3AF032A8D7D48BF73DA
Key-Arg : None
Start Time: 1336636910
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
name
closed
unknownc42c032e8297:APNSsample name$ php push.php
Usage: php push.php development|production
unknownc42c032e8297:APNSsample name$ development
-bash: development: command not found
unknownc42c032e8297:APNSsample name$ php push.php development
I have received the APNS connection status in push_development.log like this,
2012-05-10T13:32:34+05:30 Push script started (development mode)
2012-05-10T13:32:34+05:30 Exiting with fatal error: exception 'PDOException' with message 'SQLSTATE[HY000] [2002] No such file or directory' in /Users/name/Desktop/APNSsample/push.php:82
Stack trace:
#0 /Users/creagx/name/APNSsample/push.php(82): PDO->__construct('mysql:host=loca...', 'pushchat', 'name', Array)
#1 /Users/creagx/name/APNSsample/push.php(36): APNS_Push->__construct(Array)
#2 {main}
I can't understand what I did wrong? I am using the database from MAMP. I have stored the devicetoken, messages (Payload) in MAMP SQL database.
Terminal:
unknownc42c032e8297:~ gopi$ cd /Users/gopi/Desktop/APNSsample/
unknownc42c032e8297:APNSsample gopi$ php push.php
Usage: php push.php development|production
unknownc42c032e8297:APNSsample gopi$ php push.php development
unknownc42c032e8297:APNSsample gopi$
In my push_development.log file:
2012-05-10T16:08:12+05:30 Push script started (development mode)
2012-05-10T16:08:12+05:30 Exiting with fatal error: exception 'PDOException' with message 'SQLSTATE[HY000] [2002] No such file or directory' in /Users/gopi/Desktop/APNSsample/push.php:82
Stack trace:
#0 /Users/gopi/Desktop/APNSsample/push.php(82): PDO->__construct('mysql:host=loca...', 'pushchat', 'gopi', Array)
#1 /Users/gopi/Desktop/APNSsample/push.php(36): APNS_Push->__construct(Array)
#2 {main}
After you copy both of the .pem files to the same directory(in case desktop).Paste the following codes in terminal:
' cd /Users/gopi/Desktop/APNSSample/ '
Hit enter and you should get no erros,just a new line in Terminal.Now to test the connexion,paste the following code in terminal after you pasted the other one:
' php yourphpfile.php '
Hit enter and you should get three lines of code seying that the php file were able to reach the APNS Server.If it works,you're ok,else tell me!