[jitsi-users] TLS


#1

Hello,

I recently decided to switch over to TLS from a working jitsi configuration w/out security. I've been unable to get jitsi to register despite much pain, sweat, tears, agony and screaming. jitsi refuses to send anything but UDP, though I've got everything setup correctly - as far as I know.

jitsi's log says:

12:34:05.831 WARNING: [54] service.resources.AbstractResourcesService.getSettingsInt().596 Missing resource for key: net.java.sip.communicator.SIP_PREFERRED_CLEAR_PORT

12:34:05.964 WARNING: [54] service.resources.AbstractResourcesService.getSettingsInt().596 Missing resource for key: net.java.sip.communicator.SIP_PREFERRED_SECURE_PORT

Ideas please?

Thank you

- A


#2

> I recently decided to switch over to TLS from a working jitsi
> configuration w/out security. I've been unable to get jitsi to register
> despite much pain, sweat, tears, agony and screaming. jitsi refuses to
> send anything but UDP, though I've got everything setup correctly - as
> far as I know.
>
> jitsi's log says:
>
> 12:34:05.831 WARNING: [54]
> service.resources.AbstractResourcesService.getSettingsInt().596 Missing
> resource for key: net.java.sip.communicator. SIP_PREFERRED_CLEAR_PORT
>
> 12:34:05.964 WARNING: [54]
> service.resources.AbstractResourcesService.getSettingsInt().596 Missing
> resource for key: net.java.sip.communicator. SIP_PREFERRED_SECURE_PORT

You can ignore these, it just means that a default hasn't been set in a config file and the defaults are being used.

> Ideas please?

Please describe your setup. "It doesn't work" isn't of much use for further help. The complete logs would be a start.

> Thank you
>
> - A

Ingo


#3

Hi Ingo,

Sent you some private email, not sure if you're getting it; please let me know. I sent you the log file.

Also, I found that if I set the proxy to be the same machine with port 5061; it works after a fashion. It seems to register to asterisk but when I try to make a call it fails with an authentication/invalid password error.

I spoke with the asterisk guys and I was told " you send the invite, * sends a 401 CHALLENGING them, and Jitsi isn't coming back with papers". So hopefully that helps you isolate the issues involved?

Thank you for all your amazing work!

- A

On 02/07/2017 03:02 PM, Ingo Bauersachs wrote:

>> I recently decided to switch over to TLS from a working jitsi
>> configuration w/out security. I've been unable to get jitsi to register
>> despite much pain, sweat, tears, agony and screaming. jitsi refuses to
>> send anything but UDP, though I've got everything setup correctly - as
>> far as I know.
>>
>> jitsi's log says:
>>
>> 12:34:05.831 WARNING: [54]
>> service.resources.AbstractResourcesService.getSettingsInt().596 Missing
>> resource for key: net.java.sip.communicator. SIP_PREFERRED_CLEAR_PORT
>>
>> 12:34:05.964 WARNING: [54]
>> service.resources.AbstractResourcesService.getSettingsInt().596 Missing
>> resource for key: net.java.sip.communicator. SIP_PREFERRED_SECURE_PORT
>
> You can ignore these, it just means that a default hasn't been set in a config file and the defaults are being used.
>
>> Ideas please?
>
> Please describe your setup. "It doesn't work" isn't of much use for further help. The complete logs would be a start.
>
>> Thank you
>>
>> - A
>
> Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Apologies Ingo, it's unclear if the issue is due to a misconfig on my part. I'm forced to set the proxy to the same registrar to get it to use port 5061 so that's an issue. I also changed it to use fingerprints instead of certs and that seems to have resolved the problem. I'm not sure if I'll get around to using certs but if it's working for everyone else then it's most likely my misconfiguration. I'm using a self-signed cert if that makes any difference? Thanks again!

On 02/10/2017 06:13 AM, A wrote:

> Hi Ingo,
>
> Sent you some private email, not sure if you're getting it; please let me know. I sent you the log file.
>
> Also, I found that if I set the proxy to be the same machine with port 5061; it works after a fashion. It seems to register to asterisk but when I try to make a call it fails with an authentication/invalid password error.
>
> I spoke with the asterisk guys and I was told " you send the invite, * sends a 401 CHALLENGING them, and Jitsi isn't coming back with papers". So hopefully that helps you isolate the issues involved?
>
> Thank you for all your amazing work!
>
> - A



#5

> Apologies Ingo, it's unclear if the issue is due to a misconfig on my
> part. I'm forced to set the proxy to the same registrar to get it to
> use port 5061 so that's an issue. I also changed it to use fingerprints
> instead of certs and that seems to have resolved the problem. I'm not
> sure if I'll get around to using certs but if it's working for everyone
> else then it's most likely my misconfiguration. I'm using a self-signed
> cert if that makes any difference? Thanks again!

I got your e-mails, I just don't have 24/7hrs to provide support for Jitsi.

I'm not sure what you configured exactly as you only sent the text log but not the packet trace. Anyway, I have several accounts configured with Asterisk using TLS and SDES:
- Proxy: <your asterisk server>, should match the common name of the certificate
- Proxy Port: 5061 (or whatever you configured in Asterisk)
- Transport: TLS

You can leave the registrar port at 5060.

On Asterisk, you need to configure something like this in sip.conf (that is for old SIP, not PJSIP, I have no experience with that):

[general]
tlscipher=HIGH
tlsprivatekey=/etc/asterisk/keys/cert.key
tlscertfile=/etc/asterisk/keys/cert.crt
tlscafile=/etc/asterisk/keys/cert-ca-bundle.crt
tlsbindaddr=[::]:5061
tlsclientmethod=tlsv1

[100]
transport=tls

Ingo
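
The client settings and the sip.conf fragment in the message above have to agree with each other. The following Python check is an added example, not part of the thread and not Jitsi or Asterisk code: it parses that fragment and compares it with a client account. The account dictionary, the host name pbx.example.test and the cert_names list are assumptions made for illustration.

```python
import configparser

# Constructed input: the sip.conf fragment quoted in the message above.
SIP_CONF = """\
[general]
tlscipher=HIGH
tlsprivatekey=/etc/asterisk/keys/cert.key
tlscertfile=/etc/asterisk/keys/cert.crt
tlscafile=/etc/asterisk/keys/cert-ca-bundle.crt
tlsbindaddr=[::]:5061
tlsclientmethod=tlsv1

[100]
transport=tls
"""

def tls_bind_port(addr, default=5061):
    """Port of a tlsbindaddr value such as '[::]:5061', '0.0.0.0:5061' or '[::]'."""
    addr = addr.strip()
    if addr.startswith("["):                       # bracketed IPv6 literal
        rest = addr.partition("]")[2]
        return int(rest[1:]) if rest.startswith(":") else default
    host, sep, port = addr.rpartition(":")
    return int(port) if sep and ":" not in host else default

def check_account(conf_text, peer, account, cert_names):
    """Return a list of mismatches between a client account and sip.conf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    general, problems = cp["general"], []
    port = tls_bind_port(general.get("tlsbindaddr", ""))
    if account["transport"].upper() != "TLS":
        problems.append("client transport is not TLS")
    if account["proxy_port"] != port:
        problems.append(f"client proxy port {account['proxy_port']} != TLS bind port {port}")
    # Exact, case-insensitive comparison only; wildcard names are not handled.
    if account["proxy"].lower() not in {n.lower() for n in cert_names}:
        problems.append(f"proxy {account['proxy']} is not a name in the certificate")
    if "tls" not in cp.get(peer, "transport", fallback="udp").lower().split(","):
        problems.append(f"peer [{peer}] does not allow transport=tls")
    for key in ("tlscertfile", "tlsprivatekey"):
        if key not in general:
            problems.append(f"[general] is missing {key}")
    return problems

if __name__ == "__main__":
    # Hypothetical client account and certificate name, for illustration only.
    acct = {"proxy": "192.0.2.10", "proxy_port": 5060, "transport": "TLS"}
    for p in check_account(SIP_CONF, "100", acct, ["pbx.example.test"]):
        print("MISMATCH:", p)
```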