<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><div><div dir="ltr">Hi,<br><br>I have successfully configured Kamailio for WSS support using the below instructions. Everything works perfectly except, when call is hanged up from the receiving end, Kamailio sends BYE and the browser disconnects websocket connection right after getting response from Kamailio with the following error message:<br><br><span style="color:rgb(34, 34, 34);font-family:arial, sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline !important;background-color:rgb(255, 255, 255);">Firefox: WebSocket connection to 'ws://localhost:3001/</span><wbr style="color:rgb(34, 34, 34);font-family:arial, sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255, 255, 255);"><span style="color:rgb(34, 34, 34);font-family:arial, sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline !important;background-color:rgb(255, 255, 255);">websocket' failed: Invalid frame header</span><br style="color:rgb(34, 34, 34);font-family:arial, sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255, 255, 255);"><div style="color:rgb(34, 34, 34);font-family:arial, sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255, 255, 255);">Chrome: The connection to ws://localhost:3001/websocket was interrupted while the page was loading.<br></div><br class="ecxApple-interchange-newline">Everything works perfectly over plain websocket(WS). Kamailio is sending something with the websocket that the browsers do not like. But im not sure what it is. If somebody faced same issue before or can give any clue that would be really helpful. <br><br>Thanks in advanced!<br><br><div><hr id="ecxstopSpelling">Date: Fri, 17 Oct 2014 18:33:17 -0700<br>From: gascagonzalo@gmail.com<br>To: sr-users@lists.sip-router.org<br>CC: ben@langfeld.me<br>Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio<br><br><div dir="ltr">Hi Ben,<div><br></div><div>In regards your certificates, please double check the following:</div><div>a) CN field:</div><div>In your webrtc client check the URL used for wss. and verify it matches the CN field of the certificate installed in kamailio:</div><div>Example:</div><div>In my sipml5 client I configured wss://<a href="http://ramenlabs.io:5063" target="_blank">ramenlabs.io:5063</a> and my certificate in fact contains in the cn field <a href="http://ramenlabs.io" target="_blank">ramenlabs.io</a></div><div>
Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=<a href="http://ramenlabs.io" target="_blank">ramenlabs.io</a><br><pre style="padding:5px;border:0px;font-size:13.6960000991821px;vertical-align:baseline;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;overflow:auto;width:auto;max-height:600px;word-wrap:normal;color:rgb(0,0,0);line-height:17.8048000335693px;background:rgb(238,238,238);"><code style="padding:0px;border:0px;font-size:13.6960000991821px;vertical-align:baseline;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;white-space:inherit;background-image:initial;background-repeat:initial;">openssl x509 -in <span style="color:rgb(34,34,34);line-height:normal;white-space:normal;font-family:arial,sans-serif;font-size:12.8000001907349px;background-color:rgb(255,255,255);">/etc/certs/sip.192.168.146.</span><span style="color:rgb(34,34,34);line-height:normal;white-space:normal;font-family:arial,sans-serif;font-size:12.8000001907349px;background-color:rgb(255,255,255);">133/cert.pem</span> -noout -text</code></pre></div><div><input value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"expires":false},"attachments":{}}" type="hidden"><div><br></div><div>b) </div><div>I have successfully configured Kamailio 4.1 with TLS and WSS using TLS port 5063</div><div>Topology:</div><div>1) sipml5 --wss--> ngnix -wss-> kamailio (sip registrar)</div><div>2) sipml5 --wss---> kamailio</div><div><br></div><div>Relevant configurations:</div><div>kamailio.cfg</div><div>tls.cfg</div><div>certificates</div><div><br></div><div>Kamailio:</div><div>
loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/<br></div><div><br></div><div>
Listening on <br>
udp: <a href="http://172.31.27.85:5060" target="_blank">172.31.27.85:5060</a><br>
tcp: <a href="http://172.31.27.85:5060" target="_blank">172.31.27.85:5060</a><br>
tcp: <a href="http://172.31.27.85:5062" target="_blank">172.31.27.85:5062</a><br>
tls: <a href="http://172.31.27.85:5061" target="_blank">172.31.27.85:5061</a><br>
<b> tls: <a href="http://172.31.27.85:5063" target="_blank">172.31.27.85:5063</a></b><br>
Aliases: <br>
<b> tls: ip-172-31-27-85.us-west-2.compute.internal:5063</b><br>
tls: ip-172-31-27-85.us-west-2.compute.internal:5061<br>
tcp: ip-172-31-27-85.us-west-2.compute.internal:5062<br>
tcp: ip-172-31-27-85.us-west-2.compute.internal:5060<br>
udp: ip-172-31-27-85.us-west-2.compute.internal:5060<br>
*: ramenlabs.io:*<br>
*: 172.31.27.85:*<br><br><br></div><div>kamailio.cfg</div><div>tls.cfg</div><div><br></div><div><a href="https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg" target="_blank">https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg</a><br></div><div><a href="https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg" target="_blank">https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg</a><br></div><div><br></div><div><br></div><div>
openssl s_client -connect <a href="http://172.31.27.85:5063" target="_blank">172.31.27.85:5063</a> where this i my internal IP address I get presented the certificates.<br></div><div>HTH</div><div><br></div><div>-G</div></div></div><div class="ecxgmail_extra"><br><div class="ecxgmail_quote">On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <span dir="ltr"><<a href="mailto:dodul@live.com" target="_blank">dodul@live.com</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr">ok. I have made some changes. rather than getting the TLS configaration from a file I added this lines: <div><br></div><div><span><div>#!ifdef WITH_TLS</div><div># ----- tls params -----</div><div><br></div></span><div>modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")</div><div>modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")</div><div>modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")</div><div><br></div><div>now, Im getting different logs which looks good. Getting positive results from openssl test,</div><div><br></div><div><div>openssl s_client -connect <a href="http://192.168.146.133:5061" target="_blank">192.168.146.133:5061</a> -tls1</div><div>CONNECTED(00000003)</div><div>^C</div></div><div><br></div><div>But when I try to connect using my webRTC client or even from web-browsers im getting timed out. I think im close .. please help me fixing this issue.</div><div><br></div><div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>: verify_certificate=0</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client certificate required and no checks performed</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>: verify_certificate=0</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY present invalid certificate</div><div>Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)</div></div><div><br></div><br><div><hr><br></div></div></div></div></blockquote></div></div></div> </div></div> </div></body>
</html>