<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    TLS is a security layer in top of TCP, so apparently tcp has to be

    specified as a listening transport layer to make tls work. Starting

    with v3.0.0, tls code is in a module, so the core might not

    initialize tcp if it does not have afferent sockets. Not sure what

    would take to make it work with tls only sockets - but definitely is

    no impact on resources, because the worker processes are the same

    for tcp and tls.<br>

    <br>

    You can forbid tcp traffic from config file:<br>

    <br>

    if(proto=TCP) {<br>

    send_repply("403", "Not allowed");<br>

    exit;<br>

    }<br>

    <br>

    Cheers,<br>

    Daniel<br>

    <br>

    <div class="moz-cite-prefix">On 11/5/12 11:18 AM, Ramazan Yilmaz

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAPgC7iX7e-_D-aZn3Y3cDt0YtQzvfGwHjBriVihc-4KyWFK-JQ@mail.gmail.com"

      type="cite">Keeping listen=tls...., I also included "listen=tcp:<a

        moz-do-not-send="true" href="http://127.0.0.1:5060">127.0.0.1:5060</a>".

      On restart it says,<br>

      <br>

      <div style="margin-left:40px">Listening on<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tcp: <a moz-do-not-send="true"

          href="http://127.0.0.1:5060">127.0.0.1:5060</a><br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tls: XX.XX.XX.XX [XX.XX.XX.XX]:5061<br>

        Aliases:<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *: XX.XX.XX.XX:*<br>

        <br>

        kamailio started.<br>

      </div>

      <br>

      And now kamctl ps gives,<br>

      <div style="margin-left:40px"><br>

        Process::&nbsp; ID=0 PID=931 Type=attendant<br>

        Process::&nbsp; ID=1 PID=933 Type=slow timer<br>

        Process::&nbsp; ID=2 PID=934 Type=timer<br>

        Process::&nbsp; ID=3 PID=935 Type=MI FIFO<br>

        Process::&nbsp; ID=4 PID=936 Type=ctl handler<br>

        Process::&nbsp; ID=5 PID=937 Type=MI DATAGRAM<br>

        Process::&nbsp; ID=6 PID=938 Type=TIMER NH<br>

        Process::&nbsp; ID=7 PID=939 Type=tcp receiver (generic) child=0<br>

        Process::&nbsp; ID=8 PID=940 Type=tcp receiver (generic) child=1<br>

        Process::&nbsp; ID=9 PID=941 Type=tcp receiver (generic) child=2<br>

        Process::&nbsp; ID=10 PID=942 Type=tcp receiver (generic) child=3<br>

        Process::&nbsp; ID=11 PID=943 Type=tcp main process<br>

        <br>

      </div>

      And, now I can register to kamailio :) No error is written in

      syslog. An interesting workaround...<br>

      Is this normal? i.e. is listening on a tcp port mandatory?<br>

      <br>

      <div class="gmail_quote">On Mon, Nov 5, 2012 at 12:03 PM,

        Daniel-Constantin Mierla <span dir="ltr">&lt;<a

            moz-do-not-send="true" href="mailto:miconda@gmail.com"

            target="_blank">miconda@gmail.com</a>&gt;</span> wrote:<br>

        <blockquote class="gmail_quote" style="margin:0 0 0

          .8ex;border-left:1px #ccc solid;padding-left:1ex">

          Hello,<br>

          <br>

          can you put also:<br>

          <br>

          listen=tcp:<a moz-do-not-send="true"

            href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a><br>

          <br>

          ?<br>

          <br>

          Cheers,<br>

          Daniel

          <div class="HOEnZb">

            <div class="h5"><br>

              <br>

              <div class="gmail_quote">On Mon, Nov 5, 2012 at 9:31 AM,

                Ramazan Yilmaz <span dir="ltr">&lt;<a

                    moz-do-not-send="true"

                    href="mailto:ramazan.cs@gmail.com" target="_blank">ramazan.cs@gmail.com</a>&gt;</span>

                wrote:<br>

                <blockquote class="gmail_quote" style="margin:0 0 0

                  .8ex;border-left:1px #ccc solid;padding-left:1ex">Any

                  idea?<br>

                  I have shared my tls configuration with you in my

                  previous post, and as I said, that configuration works

                  with kamailio 3.2.4. After silence of 4 days, do you

                  confirm that it is a bug? If so, how can it be solved?

                  Any suggestion?

                  <div>

                    <div><br>

                      <br>

                      <div class="gmail_quote">On Thu, Nov 1, 2012 at

                        4:23 PM, Ramazan Yilmaz <span dir="ltr">&lt;<a

                            moz-do-not-send="true"

                            href="mailto:ramazan.cs@gmail.com"

                            target="_blank">ramazan.cs@gmail.com</a>&gt;</span>

                        wrote:<br>

                        <blockquote class="gmail_quote" style="margin:0

                          0 0 .8ex;border-left:1px #ccc

                          solid;padding-left:1ex">

                          <div>

                            <div>In my kamailio configuration, I already

                              have "#!define WITH_TLS". And some more

                              about my configuration:<br>

                              <br>

                              <div style="margin-left:40px">listen=tls:XX.XX.XXX.XX:5061<br>

                                <br>

                                #!ifdef WITH_TLS<br>

                                enable_tls=yes<br>

                                #!endif<br>

                                <br>

                                #!ifdef WITH_TLS<br>

                                loadmodule "tls.so"<br>

                                #!endif<br>

                                <br>

                                #!ifdef WITH_TLS<br>

                                # ----- tls params -----<br>

                                modparam("tls", "config",

                                "/usr/local/kamailio-3.3/etc/kamailio/tls.cfg")<br>

                                #!endif<br>

                                <br>

                              </div>

                              And my tls.cfg is,<br>

                              <br>

                              <div style="margin-left:40px">[server:default]<br>

                                method = SSLv23<br>

                                verify_certificate = no<br>

                                require_certificate = no<br>

                                private_key =

                                /usr/local/kamailio-3.3/etc/kamailio/kamailio.key<br>

                                certificate =

                                /usr/local/kamailio-3.3/etc/kamailio/kamailio.pem<br>

                                <br>

                                [client:default]<br>

                                verify_certificate = yes<br>

                                require_certificate = yes<br>

                              </div>

                              <br>

                              I have just installed kamailio 3.2.4 on

                              some other server to see whether the

                              problem is with my configuration/my system

                              or with kamailio release. I again

                              installed Ubuntu, and I installed the

                              requested packages via apt-get, as I had

                              done on problematic system. I used exactly

                              the same configuration file, except

                              changing the domain/ip values. And it

                              worked. Then I used the same configuration

                              file on some other versions of Ubuntu

                              server, and it worked again. So, it really

                              seems as a bug in kamailio.<br>

                              <br>

                              It seems the worker children cannot be

                              forked for some reason at startup, so I

                              enabled WITH_DEBUG directive and restarted

                              the kamailio. The output is attached to

                              this mail. I hope it helps.<br>

                              <br>

                              Best,

                            </div>

                          </div>

                        </blockquote>

                      </div>

                      <br>

                    </div>

                  </div>

                </blockquote>

              </div>

              <br>

              <br clear="all">

              <br>

            </div>

          </div>

          <span class="HOEnZb"><font color="#888888">-- <br>

              Daniel-Constantin Mierla<br>

              &nbsp; <a moz-do-not-send="true" href="http://www.asipto.com"

                target="_blank">http://www.asipto.com</a><br>

            </font></span></blockquote>

      </div>

      <br>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>

<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>

Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/kat">http://asipto.com/u/kat</a>

Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/katu">http://asipto.com/u/katu</a></pre>

  </body>

</html>