<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
    TLS is a security layer on top of TCP, so apparently tcp has to be
    specified as a listening transport layer to make tls work. Starting
    with v3.0.0, tls code is in a module, so the core might not
    initialize tcp if it does not have afferent sockets. Not sure what
    it would take to make it work with tls-only sockets - but there is
    definitely no impact on resources, because the worker processes are
    the same for tcp and tls.<br>
<br>
    You can forbid tcp traffic from the config file:<br>
    <br>
    if(proto==TCP) {<br>
    # reject requests received over plain TCP<br>
    send_reply("403", "Not allowed");<br>
    exit;<br>
    }<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 11/5/12 11:18 AM, Ramazan Yilmaz
wrote:<br>
</div>
<blockquote
cite="mid:CAPgC7iX7e-_D-aZn3Y3cDt0YtQzvfGwHjBriVihc-4KyWFK-JQ@mail.gmail.com"
type="cite">Keeping listen=tls...., I also included "listen=tcp:<a
moz-do-not-send="true" href="http://127.0.0.1:5060">127.0.0.1:5060</a>".
On restart it says,<br>
<br>
<div style="margin-left:40px">Listening on<br>
tcp: <a moz-do-not-send="true"
href="http://127.0.0.1:5060">127.0.0.1:5060</a><br>
tls: XX.XX.XX.XX [XX.XX.XX.XX]:5061<br>
Aliases:<br>
*: XX.XX.XX.XX:*<br>
<br>
kamailio started.<br>
</div>
<br>
And now kamctl ps gives,<br>
<div style="margin-left:40px"><br>
Process:: ID=0 PID=931 Type=attendant<br>
Process:: ID=1 PID=933 Type=slow timer<br>
Process:: ID=2 PID=934 Type=timer<br>
Process:: ID=3 PID=935 Type=MI FIFO<br>
Process:: ID=4 PID=936 Type=ctl handler<br>
Process:: ID=5 PID=937 Type=MI DATAGRAM<br>
Process:: ID=6 PID=938 Type=TIMER NH<br>
Process:: ID=7 PID=939 Type=tcp receiver (generic) child=0<br>
Process:: ID=8 PID=940 Type=tcp receiver (generic) child=1<br>
Process:: ID=9 PID=941 Type=tcp receiver (generic) child=2<br>
Process:: ID=10 PID=942 Type=tcp receiver (generic) child=3<br>
Process:: ID=11 PID=943 Type=tcp main process<br>
<br>
</div>
And, now I can register to kamailio :) No error is written in
syslog. An interesting workaround...<br>
Is this normal? i.e. is listening on a tcp port mandatory?<br>
<br>
<div class="gmail_quote">On Mon, Nov 5, 2012 at 12:03 PM,
        Daniel-Constantin Mierla <span dir="ltr">&lt;<a
            moz-do-not-send="true" href="mailto:miconda@gmail.com"
            target="_blank">miconda@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
can you put also:<br>
<br>
listen=tcp:<a moz-do-not-send="true"
href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a><br>
<br>
?<br>
<br>
Cheers,<br>
Daniel
<div class="HOEnZb">
<div class="h5"><br>
<br>
<div class="gmail_quote">On Mon, Nov 5, 2012 at 9:31 AM,
                Ramazan Yilmaz <span dir="ltr">&lt;<a
                    moz-do-not-send="true"
                    href="mailto:ramazan.cs@gmail.com" target="_blank">ramazan.cs@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Any
idea?<br>
I have shared my tls configuration with you in my
previous post, and as I said, that configuration works
with kamailio 3.2.4. After silence of 4 days, do you
confirm that it is a bug? If so, how can it be solved?
Any suggestion?
<div>
<div><br>
<br>
<div class="gmail_quote">On Thu, Nov 1, 2012 at
                        4:23 PM, Ramazan Yilmaz <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:ramazan.cs@gmail.com"
                            target="_blank">ramazan.cs@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<div>In my kamailio configuration, I already
have "#!define WITH_TLS". And some more
about my configuration:<br>
<br>
<div style="margin-left:40px">listen=tls:XX.XX.XXX.XX:5061<br>
<br>
#!ifdef WITH_TLS<br>
enable_tls=yes<br>
#!endif<br>
<br>
#!ifdef WITH_TLS<br>
loadmodule "tls.so"<br>
#!endif<br>
<br>
#!ifdef WITH_TLS<br>
# ----- tls params -----<br>
modparam("tls", "config",
"/usr/local/kamailio-3.3/etc/kamailio/tls.cfg")<br>
#!endif<br>
<br>
</div>
And my tls.cfg is,<br>
<br>
<div style="margin-left:40px">[server:default]<br>
method = SSLv23<br>
verify_certificate = no<br>
require_certificate = no<br>
private_key =
/usr/local/kamailio-3.3/etc/kamailio/kamailio.key<br>
certificate =
/usr/local/kamailio-3.3/etc/kamailio/kamailio.pem<br>
<br>
[client:default]<br>
verify_certificate = yes<br>
require_certificate = yes<br>
</div>
<br>
                              I have just installed kamailio 3.2.4 on
                              some other server to see whether the
                              problem is with my configuration/my system
                              or with the kamailio release. I again
                              installed Ubuntu, and I installed the
                              requested packages via apt-get, as I had
                              done on the problematic system. I used exactly
                              the same configuration file, except for
                              changing the domain/ip values. And it
                              worked. Then I used the same configuration
                              file on some other versions of Ubuntu
                              server, and it worked again. So, it really
                              seems to be a bug in kamailio.<br>
                              <br>
                              It seems the worker children cannot be
                              forked for some reason at startup, so I
                              enabled the WITH_DEBUG directive and restarted
                              kamailio. The output is attached to
                              this mail. I hope it helps.<br>
<br>
Best,
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">-- <br>
Daniel-Constantin Mierla<br>
<a moz-do-not-send="true" href="http://www.asipto.com"
target="_blank">http://www.asipto.com</a><br>
</font></span></blockquote>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/kat">http://asipto.com/u/kat</a>
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/katu">http://asipto.com/u/katu</a></pre>
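An added example (not part of the original message, and not Kamailio project code): a small Python check over a kamailio.cfg for the two conditions discussed in this thread, a tls listener with no tcp listener, and a tcp listener on a non-loopback address with no proto==TCP rejection. The finding names, sample configs and helper functions are assumptions of this example; listen lines without an explicit transport and comment styles other than '#' are not handled.

```python
import ipaddress
import re

# listen=<proto>:<address>[:port]; lines with no explicit transport are skipped.
LISTEN_RE = re.compile(r"^listen\s*=\s*(udp|tcp|tls|sctp):(\S+)", re.I)
# A route test on proto==TCP, the kind of rejection suggested in the reply.
TCP_REJECT_RE = re.compile(r"if\s*\(\s*proto\s*==\s*TCP\s*\)", re.I)

# Constructed samples (192.0.2.10 is a documentation address).
TLS_ONLY = 'listen=tls:192.0.2.10:5061\nenable_tls=yes\nloadmodule "tls.so"\n'
WORKAROUND = TLS_ONLY + "listen=tcp:127.0.0.1:5060\n"


def active_lines(cfg_text):
    """Yield stripped lines, dropping '#' comments but keeping '#!' directives."""
    for line in cfg_text.splitlines():
        s = line.strip()
        if not s.startswith("#") or s.startswith("#!"):
            yield s


def is_loopback(addr):
    """True for a loopback IP literal or 'localhost'; anything else is exposed."""
    try:
        host = addr[1:addr.index("]")] if addr.startswith("[") else addr.split(":")[0]
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return addr.split(":")[0].lower() == "localhost"


def audit(cfg_text):
    """Return finding codes for the two conditions discussed in the thread."""
    lines = list(active_lines(cfg_text))
    listeners = [(m.group(1).lower(), m.group(2))
                 for m in map(LISTEN_RE.match, lines) if m]
    tcp_addrs = [addr for proto, addr in listeners if proto == "tcp"]
    findings = []
    # TLS configured but no TCP listener: the startup problem reported above.
    if any(proto == "tls" for proto, _ in listeners) and not tcp_addrs:
        findings.append("tls-without-tcp-listener")
    # Plain TCP reachable from outside and no proto==TCP rejection in the routes.
    exposed = [a for a in tcp_addrs if not is_loopback(a)]
    if exposed and not any(TCP_REJECT_RE.search(l) for l in lines):
        findings.append("plain-tcp-exposed")
    return findings


if __name__ == "__main__":
    print(audit(TLS_ONLY), audit(WORKAROUND))
```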
</body>
</html>