[sip-comm-dev] Problems with TLS


#1

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

···

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#2

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

···

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#3

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

log_47@192.168.0.3_sip-communicator0.log.0 (289 KB)

SIP_Communicator_to_Asterisk_directly_TLS_no_call.pcap (31.9 KB)

SIP_Communicator_to_Asterisk_TCP_TLS_Call.pcap (1.49 MB)

log_46@192.168.0.3_sip-communicator0.log.0 (626 KB)

···

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#4

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

···

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#5

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

···

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#6

I may be wrong, but I use a old SIP-Communicator version with TLS, sending only TLS messages. No UDP and non secure TCP.

···

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:32
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#7

Hy Pablo

Which Version of SIP-Communicator do you use? I use the version 1.0-alpha3-nightly.build.1952. You had written "non secure TCP", but you use TLS?? That is inconsistent. In which structure do you use the SIP-Communicator (with TLS)?

Kind Regards
Markus Zeiter

···

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 13:46
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

I may be wrong, but I use a old SIP-Communicator version with TLS, sending only TLS messages. No UDP and non secure TCP.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:32
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#8

Hi,

About "non secure TCP" I mean TCP connection with text plain messages (same messages like in UDP, but with TCP connection).

I'm using SIP-Communicator 1.0 Alpha2, with some custom modifications. The clients are connected to OpenSER, that works as proxy SIP. All the connection between Sip-communicator are under TLS communications.

Regards,

Pablo.

···

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:53
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

Which Version of SIP-Communicator do you use? I use the version 1.0-alpha3-nightly.build.1952. You had written "non secure TCP", but you use TLS?? That is inconsistent. In which structure do you use the SIP-Communicator (with TLS)?

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 13:46
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

I may be wrong, but I use a old SIP-Communicator version with TLS, sending only TLS messages. No UDP and non secure TCP.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:32
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#9

Hy Pablo

I tested the version 1.0 Alpha2, but it is the same. The call can be established, but both clients uses TCP and TLS (5060 and 5061) for SIP. That is not a right implementation.
I tested it with OpenSER too, always the same. If you check with the command "netstat -na |grep 506" then you will see, that each client has a connection to 5060 and 5061.

Kind Regards
Markus Zeiter

···

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------
-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 16:01
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

About "non secure TCP" I mean TCP connection with text plain messages (same messages like in UDP, but with TCP connection).

I'm using SIP-Communicator 1.0 Alpha2, with some custom modifications. The clients are connected to OpenSER, that works as proxy SIP. All the connection between Sip-communicator are under TLS communications.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:53
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

Which Version of SIP-Communicator do you use? I use the version 1.0-alpha3-nightly.build.1952. You had written "non secure TCP", but you use TLS?? That is inconsistent. In which structure do you use the SIP-Communicator (with TLS)?

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 13:46
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

I may be wrong, but I use a old SIP-Communicator version with TLS, sending only TLS messages. No UDP and non secure TCP.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:32
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#10

Hi,

Then something must be wrong (maybe the configuration?) because my version uses only TLS.

Regards,

Pablo.

···

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: miércoles, 28 de octubre de 2009 9:23
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

I tested the version 1.0 Alpha2, but it is the same. The call can be established, but both clients uses TCP and TLS (5060 and 5061) for SIP. That is not a right implementation.
I tested it with OpenSER too, always the same. If you check with the command "netstat -na |grep 506" then you will see, that each client has a connection to 5060 and 5061.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------
-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 16:01
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

About "non secure TCP" I mean TCP connection with text plain messages (same messages like in UDP, but with TCP connection).

I'm using SIP-Communicator 1.0 Alpha2, with some custom modifications. The clients are connected to OpenSER, that works as proxy SIP. All the connection between Sip-communicator are under TLS communications.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:53
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

Which Version of SIP-Communicator do you use? I use the version 1.0-alpha3-nightly.build.1952. You had written "non secure TCP", but you use TLS?? That is inconsistent. In which structure do you use the SIP-Communicator (with TLS)?

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 13:46
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

I may be wrong, but I use a old SIP-Communicator version with TLS, sending only TLS messages. No UDP and non secure TCP.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:32
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#11

Hy Pablo

Hmm, strange. Can you send me your configuration file from OpenSER?

Kind Regards
Markus

···

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Mittwoch, 28. Oktober 2009 09:33
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Then something must be wrong (maybe the configuration?) because my version uses only TLS.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: miércoles, 28 de octubre de 2009 9:23
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

I tested the version 1.0 Alpha2, but it is the same. The call can be established, but both clients uses TCP and TLS (5060 and 5061) for SIP. That is not a right implementation.
I tested it with OpenSER too, always the same. If you check with the command "netstat -na |grep 506" then you will see, that each client has a connection to 5060 and 5061.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------
-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 16:01
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

About "non secure TCP" I mean TCP connection with text plain messages (same messages like in UDP, but with TCP connection).

I'm using SIP-Communicator 1.0 Alpha2, with some custom modifications. The clients are connected to OpenSER, that works as proxy SIP. All the connection between Sip-communicator are under TLS communications.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:53
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

Which Version of SIP-Communicator do you use? I use the version 1.0-alpha3-nightly.build.1952. You had written "non secure TCP", but you use TLS?? That is inconsistent. In which structure do you use the SIP-Communicator (with TLS)?

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 13:46
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

I may be wrong, but I use a old SIP-Communicator version with TLS, sending only TLS messages. No UDP and non secure TCP.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 13:32
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy Pablo

You are wrong. For a successful call with TLS the following steps are required:
1. Register "46" to asterisk with TCP
2. Register "46" to asterisk with TLS
3. Register "47" to asterisk with TCP
4. Register "47" to asterisk with TLS
5. Call between "46" and "47"

It looks like, that TLS for SIP is not proper implemented. Because the TCP and TLS Port are required to make a successful call. That means, for SIP over TLS the SIP-Communicator needs the TCP (5060) and TLS (5061) Port.
If I register directly with TLS, the SIP-Communicator can register (state "Connected") to asterisk, but it is not possible to call any other SIP-Communicator.

I hope now it is more clear.

Kind Regards
Markus Zeiter

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Dienstag, 27. Oktober 2009 11:28
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi!,

It is very strange. Why is one client with TCP and the other with TLS?

If asterisk works as a SIP Proxy, you might verify its TLS configuration.

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch]
Enviado el: martes, 27 de octubre de 2009 11:00
Para: dev@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] AW: Problems with TLS

Hy

Structure:
Client 1: 46@192.168.0.3
Client 2: 47@192.168.0.3
Server: Asterisk 192.168.0.3

In the attachement you have two wireshark captures and two Error Logs.
...TCP_TLS_Call.pcap: that means a successful call between the two clients (call number: 46 and 47) with registering first with TCP and then with TLS.
...directly_TLS_no_call.pcap: registering just with TLS. If I call 47 from 46, then it will not ringing by the client 47.

I hope it will be helpful.

Kind Regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: PABLO LOPEZ GARCIA [mailto:palg@tid.es]
Gesendet: Montag, 26. Oktober 2009 14:10
An: dev@sip-communicator.dev.java.net
Betreff: [sip-comm-dev] RE: Problems with TLS

Hi,

Could you attach some Wireshark captures and some Sip-communicator error logs?

Regards,

Pablo.

-----Mensaje original-----
De: Zeiter Markus [mailto:markus.zeiter@fhnw.ch] Enviado el: lunes, 26 de octubre de 2009 12:51
Para: dev@sip-communicator.dev.java.net
CC: users@sip-communicator.dev.java.net
Asunto: [sip-comm-dev] Problems with TLS

Hy

Does nobody knows anything about my problem, I explained last week? Please give me an answer.

I am working with the SIP-Communicator (1.0-alpha3-nightly.build.1952) and Asterisk (1.6.0.9 or 1.6.1.0). I use TLS for SIP and that works fine, but if I analyze the traffic with Wireshark I see that the SIP-Communicator uses TLS and TCP too for SIP. I think there that TLS is not proper implemented. Another issue is, that I must first connect the SIP-Communicator to Asterisk with TCP and in a second step I can connect it with TLS. Other one I cannot establish a proper call between two SIP-Communicator-Clients. If I connect directly with TLS to asterisk, then the connection to asterisk is ok, but I cannot make a call.

Can you help me with this problem? Is there any patches available?

Kind regards
Markus

------------------------------------------------------------
Fachhochschule Nordwestschweiz
Hochschule für Technik
Institut für Mobile und Verteilte Systeme

Markus Zeiter
Wissenschaftlicher Assistent
Steinackerstrasse 5
5210 Windisch
------------------------------------------------------------
T +41 56 462 47 20
markus.zeiter@fhnw.ch
http://www.fhnw.ch/technik/imvs
------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net