Hi I am trying to use openssl command to test my server code written in python using aiosmtpd library.
Here is the server side code I have written:
import datetime
import sys
import ssl
import aiosmtpd.controller
class SMTPServer:
async def handle_DATA(self, server, session, envelope):
# some printing of the response
return "250 OK"
if __name__ == "__main__":
handler = SMTPServer()
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain('cert.pem', 'key.pem')
controller = aiosmtpd.controller.Controller(handler, hostname="localhost",port=587,ssl_context=context)
controller.start()
input('Running smtp Server over TLS on port 587. \n')
controller.stop()
When I try to execute above code with command openssl s_client -debug -starttls smtp -crlf -connect localhost:587 I am getting the below error
$ openssl s_client -debug -starttls smtp -crlf -connect localhost:587
CONNECTED(00000003)
read from 0x55feaf0ba7c0 [0x55feaf0be780] (4096 bytes => 0 (0x0))
write to 0x55feaf0ba7c0 [0x55feaf0bf790] (23 bytes => 23 (0x17))
0000 - 45 48 4c 4f 20 6d 61 69-6c 2e 65 78 61 6d 70 6c EHLO mail.exampl
0010 - 65 2e 63 6f 6d 0d 0a e.com..
read from 0x55feaf0ba7c0 [0x55feaf0be780] (4096 bytes => 0 (0x0))
Didn't find STARTTLS in server response, trying anyway...
write to 0x55feaf0ba7c0 [0x7ffd8edd5fb0] (10 bytes => -1 (0xFFFFFFFFFFFFFFFF))
read from 0x55feaf0ba7c0 [0x55feaf0b1f80] (8192 bytes => 0 (0x0))
write to 0x55feaf0ba7c0 [0x55feaf0ccf00] (283 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=32
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 23 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x55feaf0ba7c0 [0x55feaf0b1f80] (8192 bytes => 0 (0x0))
could anyone please support how to resolve this error? If I use
openssl command without adding -starttls like "openssl s_client -debug -connect localhost:587" then the above server code is working fine. But I want to make it work using -starttls along with openssl command.
Related
Let's say I'm reading a TCP or UDP stream in Node Js. This question basically applies to any language or platform, but how do I go about creating a header for my data layer?
I suppose I need
A magic set of characters to identify a header
A number that says the length of the packet
???
I would like to future proof it and follow any "typical" data packet header structures (maybe they usually include version? protocol?) but cannot for the life of me find any great information online.
Use the pcapng format. The spec should have everything you need if you want to look at header bytes at a deeper level. Pcap is the older format, but has limitations.
There's already a pcapng parser available, pcap-ng-parser available via npm.
If you want a general protocol analyzer, you should look at Wireshark
Generate a pcapng file
In order to work with a pcapng, we need a pcapng file. Fortunately, tshark (part of Wireshark), makes this easy. We can use tshark to generate 10 packets (-c 10) and save to the pcapng format (-F).
tshark -w myfile.pcapng -F pcapng -c 10
JS pcapng libraries
pcap-ng-parser
We can use the sample js file on the about page:
# temp.js
const PCAPNGParser = require('pcap-ng-parser')
const pcapNgParser = new PCAPNGParser()
const myFileStream = require('fs').createReadStream('./myfile.pcapng')
myFileStream.pipe(pcapNgParser)
.on('data', parsedPacket => {
console.log(parsedPacket)
})
.on('interface', interfaceInfo => {
console.log(interfaceInfo)
})
Getting info from pcapng file
Running sample JS
Running it on my system, we see link and interface information.
$ node temp.js
{
linkType: 1,
snapLen: 524288,
name: 'en0\u0003\u0005Wi-Fi\t\u0001\u0006',
code_12: 'Mac OS X 10.14.6, build 18G103 (Darwin 18.7.0)\u0000\u0000\u0000\u0000\u0000\u0000h\u0000\u0000\u0000'
}
{
interfaceId: 0,
timestampHigh: 367043,
timestampLow: 1954977647,
data: <Buffer a8 bd 27 c8 f2 fe 6c 96 cf d8 7f e7 08 00 45 00 00 28 87 c3 00 00 40 06 e4 ba ac 1f 63 c6 8c 52 72 1a fc 3c 01 bb 6c 24 4d 01 54 03 1b 06 50 10 08 00 ... 4 more bytes>
}
... <output truncated>
Vs tshark
Depending on your use case, tshark may make more sense anyway
tshark -r myfile.pcapng -c 1 -T json
[
{
"_index": "packets-2019-12-15",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "en0",
"frame.interface_description": "Wi-Fi"
},
"frame.encap_type": "1",
"frame.time": "Dec 15, 2019 12:04:14.932076000 PST",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1576440254.932076000",
"frame.time_delta": "0.000000000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "0.000000000",
"frame.number": "1",
"frame.len": "175",
"frame.cap_len": "175",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:udp:db-lsp-disc:json",
"frame.coloring_rule.name": "UDP",
"frame.coloring_rule.string": "udp"
},
"eth": {
"eth.dst": "ff:ff:ff:ff:ff:ff",
"eth.dst_tree": {
...
I am having an odd problem.
I have made sip users and extensions.
Calling between them works like a charm.
The quality of sound seems to be really of… it sounds horrible.
It’s like I can almost not hear the person on the other side.
What would be the problem to a case like this?
I think (correct me if I am wrong) I did something wrong with my settings.
My settings are as followed;
sip.conf
; SIP Configuration for Asterisk
context => phones ; Default context for incoming calls. Defaults to 'default'
allowguest => yes ; Allow or reject guest calls (default is yes)
allowoverlap => yes ; Disable overlap dialing support. (Default is yes)
tcpenable => yes ; Enable server for incoming TCP connections (default is no)
tcpbindaddr => 0.0.0.0:15060 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
udpbindaddr => 0.0.0.0:15060 ; IP address to bind UDP listen socket to (0.0.0.0 binds to all)
transport => udp ; Set the default transports. The order determines the primary default transport.
nat => force_rport,comedia
localnet => 172.31.27.202/255.255.0.0 ; NAT SUPPORT
externaddr =>54.178.185.181 ; NAT SUPPORT
media_address => 54.178.185.181 ; NAT SUPPORT
directmedia => no
srvlookup => yes ; Enable DNS SRV lookups on outbound calls
language => ja ; Default language setting for all users/peers
rtcachefriends => yes ; realtime database settings
rtautoclear => yes ; realtime database settings
;------------------------------ quality settings --------------------------
tos_sip => cs3 ; Sets TOS for SIP packets.
tos_audio => ef ; Sets TOS for RTP audio packets.
cos_sip => 3 ; Sets 802.1p priority for SIP packets.
cos_audio => 5 ; Sets 802.1p priority for RTP audio packets.
;------------------------------ JITTER BUFFER CONFIGURATION --------------------------
jbenable => no ; Enables the use of a jitterbuffer on the receiving side of a
; SIP channel. Defaults to "no". An enabled jitterbuffer will
; be used only if the sending side can create and the receiving
; side can not accept jitter. The SIP channel can accept jitter,
; thus a jitterbuffer on the receive SIP side will be used only
; if it is forced and enabled.
; (和訳)SIPチャネルの受信側でジッタバッファを使用できるようにします。
; デフォルトは「いいえ」です。有効なジッタバッファは、送信側が作成でき、
; 受信側がジッタを受け入れることができない場合にのみ使用されます。
; SIPチャネルはジッタを受け入れることができます。
; したがって、受信SIP側のジッタバッファは、
; 強制的に有効化されている場合にのみ使用されます。
jbforce => no ; Forces the use of a jitterbuffer on the receive side of a SIP
; channel. Defaults to "no".
; (和訳)SIPチャネルの受信側でジッタバッファを強制的に使用します。
; デフォルトは「いいえ」です。
jbmaxsize => 200 ; Max length of the jitterbuffer in milliseconds.
; (和訳)ジッタバッファの最大長(ミリ秒単位)。
jbresyncthreshold => 1000 ; Jump in the frame timestamps over which the jitterbuffer is
; resynchronized. Useful to improve the quality of the voice, with
; big jumps in/broken timestamps, usually sent from exotic devices
; and programs. Defaults to 1000.
; (和訳)ジッタバッファが再同期されるフレームタイムスタンプ内をジャンプします。
; 通常はエキゾチックなデバイスやプログラムから送信される、
; 壊れたタイムスタンプの大きなジャンプで、音声の品質を向上させるのに便利です。
; デフォルトは1000です。
jbimpl => fixed ; Jitterbuffer implementation, used on the receiving side of a SIP
; channel. Two implementations are currently available - "fixed"
; (with size always equals to jbmaxsize) and "adaptive" (with
; variable size, actually the new jb of IAX2). Defaults to fixed.
; (和訳)SIPチャネルの受信側で使用されるJitterbuffer実装。
; 現在のところ、 "fixed"(サイズは常にjbmaxsizeに等しい)と
; "adaptive"(可変サイズで、実際はIAX2の新しいjb)という
; 2つの実装が利用可能です。デフォルトは固定です。
jbtargetextra => 40 ; This option only affects the jb when 'jbimpl = adaptive' is set.
; The option represents the number of milliseconds by which the new jitter buffer
; will pad its size. the default is 40, so without modification, the new
; jitter buffer will set its size to the jitter value plus 40 milliseconds.
; increasing this value may help if your network normally has low jitter,
; but occasionally has spikes.
; (和訳)このオプションは、 'jbimpl = adaptive'が設定されている場合に
; のみjbに影響します。このオプションは、新しいジッタバッファがその
; サイズを埋めるまでのミリ秒数を表します。デフォルトは40ですので、
; 変更なしでは、新しいジッタバッファはジッタ値に40ミリ秒を加えたサイズに設定されます。
; この値を大きくすると、ネットワークのジッタが通常は低くなりますが、
; 時にはスパイクが発生することがあります。
jblog => yes ; Enables jitterbuffer frame logging. Defaults to "no".
; (和訳)ジッタバッファフレームロギングをイネーブルにします。
; デフォルトは「いいえ」です。
;--------------------------- RTP timers ----------------------------------------------------
; These timers are currently used for both audio and video streams. The RTP timeouts
; are only applied to the audio channel.
; The settings are settable in the global section as well as per device.
; (和訳)これらのタイマーは、現在、オーディオストリームとビデオストリームの両方に使用されています。
; RTPタイムアウトはオーディオチャネルにのみ適用されます。
; 設定は、デバイスごとにグローバルセクションでも設定できます。
;
rtptimeout => 5 ; Terminate call if 60 seconds of no RTP or RTCP activity
; on the audio channel
; when we're not on hold. This is to be able to hangup
; a call in the case of a phone disappearing from the net,
; like a powerloss or grandma tripping over a cable.
; (和訳)保留されていないときに、オーディオチャネルでRTPまたはRTCPの
; アクティビティがない場合は、60秒間コールを終了します。
; これは、電力損失やおばあちゃんがケーブルを乗り越えるように、
; ネットから消えていく電話の場合に電話を切ることができるようにするためです。
;rtpholdtimeout => 300 ; Terminate call if 300 seconds of no RTP or RTCP activity
; on the audio channel
; when we're on hold (must be > rtptimeout)
; (和訳)保留中の場合、オーディオチャネルでRTPまたはRTCPのアクティビティがない状態で
; 300秒が経過すると、コールを終了します。 (rtptimeoutより大きくなければいけません)
;rtpkeepalive => <secs> ; Send keepalives in the RTP stream to keep NAT open
; (default is off - zero)
; (和訳)キープアライブをRTPストリームに送信して、NATを開いたままにします
; (デフォルトはオフ)
;--------------------------------codec---------------------------------------------------
;音声コーデックのGSM固定 作業者:渋谷 2018/06/26
disallow => all
allow => ulaw,alaw,gsm
;-----------------------------------------------------------------------------------
;セッション設定 作業者:あすか柴田 2018/07/23
session-expires => 1800
session-refresher => uac
[ACCOUNT-COMMON](!)
type=friend
nat=force_rport,comedia
secret=123456
canreinvite=no
dtmfmode=auto
callgroup=1
pickupgroup=1
context=phones
[1000](ACCOUNT-COMMON)
[1001](ACCOUNT-COMMON)
[1002](ACCOUNT-COMMON)
[1003](ACCOUNT-COMMON)
[1004](ACCOUNT-COMMON)
[1005](ACCOUNT-COMMON)
[1006](ACCOUNT-COMMON)
[1007](ACCOUNT-COMMON)
[1008](ACCOUNT-COMMON)
[1009](ACCOUNT-COMMON)
[1010](ACCOUNT-COMMON)
[1011](ACCOUNT-COMMON)
[1012](ACCOUNT-COMMON)
[1013](ACCOUNT-COMMON)
[1014](ACCOUNT-COMMON)
[1015](ACCOUNT-COMMON)
[1016](ACCOUNT-COMMON)
[1017](ACCOUNT-COMMON)
[1018](ACCOUNT-COMMON)
[1019](ACCOUNT-COMMON)
[1020](ACCOUNT-COMMON)
My extensions.conf
[phones]
exten => _X0XX,1,NoOp(First Line)
same => n,dumpchan()
same => n,NoOp(Second Line)
same => n,Dial(SIP/${CALLERID(dnid)}/${CALLERID(dnid)})
same => n,NoOp(dialstatus=${DIALSTATUS},causecode=${HANGUPCAUSE})
same => n,Hangup
The debug log from the client when I call
SIP Debugging enabled
<--- SIP read from UDP:111.108.30.208:62566 --->
<------------->
Really destroying SIP dialog 'e02d510346cd4db58cc2869ea3e85542' Method: REGISTER
<--- SIP read from UDP:111.108.30.208:62383 --->
<------------->
Really destroying SIP dialog '31f2d3b15ce749c38149a4443ceecc7b' Method: REGISTER
<--- SIP read from UDP:111.108.30.208:62566 --->
INVITE sip:1000#54.178.185.181:15060 SIP/2.0
Via: SIP/2.0/UDP 111.108.30.208:62566;rport;branch=z9hG4bKPj12729c1e32264a09a7651de39104bfa2
Max-Forwards: 70
From: sip:1000#192.168.80.123;tag=967faa9ed6f74b0189abfce3da60ba01
To: sip:1000#54.178.185.181
Contact: <sip:1000#111.108.30.208:62566;ob>
Call-ID: 188d3fbfedf0444e9e528ab83ea38416
CSeq: 30964 INVITE
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Supported: replaces, 100rel, timer, norefersub
Session-Expires: 1800
Min-SE: 90
User-Agent: PJSUA v2.4 win32-6.2/i386/msvc-15.0
Content-Type: application/sdp
Content-Length: 482
v=0
o=- 3741526335 3741526335 IN IP4 192.168.100.231
s=pjmedia
b=AS:84
t=0 0
a=X-nat:0
m=audio 4000 RTP/AVP 98 97 99 104 3 0 8 9 96
c=IN IP4 192.168.100.231
b=TIAS:64000
a=rtcp:4001 IN IP4 192.168.100.231
a=sendrecv
a=rtpmap:98 speex/16000
a=rtpmap:97 speex/8000
a=rtpmap:99 speex/32000
a=rtpmap:104 iLBC/8000
a=fmtp:104 mode=30
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-16
<------------->
--- (15 headers 22 lines) ---
Sending to 111.108.30.208:62566 (NAT)
Sending to 111.108.30.208:62566 (NAT)
Using INVITE request as basis request - 188d3fbfedf0444e9e528ab83ea38416
Found peer '1000' for '1000' from 111.108.30.208:62566
<--- Reliably Transmitting (NAT) to 111.108.30.208:62566 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 111.108.30.208:62566;branch=z9hG4bKPj12729c1e32264a09a7651de39104bfa2;received=111.108.30.208;rport=62566
From: sip:1000#192.168.80.123;tag=967faa9ed6f74b0189abfce3da60ba01
To: sip:1000#54.178.185.181;tag=as77fea572
Call-ID: 188d3fbfedf0444e9e528ab83ea38416
CSeq: 30964 INVITE
Server: Asterisk PBX 13.22.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="35993b20"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog '188d3fbfedf0444e9e528ab83ea38416' in 6400 ms (Method: INVITE)
<--- SIP read from UDP:111.108.30.208:62566 --->
ACK sip:1000#54.178.185.181:15060 SIP/2.0
Via: SIP/2.0/UDP 111.108.30.208:62566;rport;branch=z9hG4bKPj12729c1e32264a09a7651de39104bfa2
Max-Forwards: 70
From: sip:1000#192.168.80.123;tag=967faa9ed6f74b0189abfce3da60ba01
To: sip:1000#54.178.185.181;tag=as77fea572
Call-ID: 188d3fbfedf0444e9e528ab83ea38416
CSeq: 30964 ACK
Content-Length: 0
<------------->
--- (8 headers 0 lines) ---
<--- SIP read from TCP:111.108.30.208:63852 --->
INVITE sip:1000#54.178.185.181:15060 SIP/2.0
Via: SIP/2.0/TCP 192.168.100.231:62150;rport;branch=z9hG4bKPjcf39eb0d9b62487f9d334f67373ce98d;alias
Max-Forwards: 70
From: sip:1000#192.168.80.123;tag=967faa9ed6f74b0189abfce3da60ba01
To: sip:1000#54.178.185.181
Contact: <sip:1000#111.108.30.208:62566;ob>
Call-ID: 188d3fbfedf0444e9e528ab83ea38416
CSeq: 30965 INVITE
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Supported: replaces, 100rel, timer, norefersub
Session-Expires: 1800
Min-SE: 90
User-Agent: PJSUA v2.4 win32-6.2/i386/msvc-15.0
Authorization: Digest username="1000", realm="asterisk", nonce="35993b20", uri="sip:1000#54.178.185.181:15060", response="e5095bf9a92eeee6668d831f904e7cb1", algorithm=MD5
Content-Type: application/sdp
Content-Length: 482
v=0
o=- 3741526335 3741526335 IN IP4 192.168.100.231
s=pjmedia
b=AS:84
t=0 0
a=X-nat:0
m=audio 4000 RTP/AVP 98 97 99 104 3 0 8 9 96
c=IN IP4 192.168.100.231
b=TIAS:64000
a=rtcp:4001 IN IP4 192.168.100.231
a=sendrecv
a=rtpmap:98 speex/16000
a=rtpmap:97 speex/8000
a=rtpmap:99 speex/32000
a=rtpmap:104 iLBC/8000
a=fmtp:104 mode=30
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-16
<------------->
--- (16 headers 22 lines) ---
Sending to 111.108.30.208:63852 (NAT)
Using INVITE request as basis request - 188d3fbfedf0444e9e528ab83ea38416
Found peer '1000' for '1000' from 111.108.30.208:63852
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
Found RTP audio format 98
Found RTP audio format 97
Found RTP audio format 99
Found RTP audio format 104
Found RTP audio format 3
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 9
Found RTP audio format 96
Found audio description format speex for ID 98
Found audio description format speex for ID 97
Found audio description format speex for ID 99
Found audio description format iLBC for ID 104
Found audio description format GSM for ID 3
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format G722 for ID 9
Found audio description format telephone-event for ID 96
Capabilities: us - (ulaw|alaw|gsm), peer - audio=(ulaw|gsm|alaw|g722|speex|speex16|speex32|ilbc)/video=(nothing)/text=(nothing), combined - (ulaw|alaw|gsm)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
> 0x7fd8300072c0 -- Strict RTP learning after remote address set to: 192.168.100.231:4000
Peer audio RTP is at port 192.168.100.231:4000
Looking for 1000 in phones (domain 54.178.185.181)
sip_route_dump: route/path hop: <sip:1000#111.108.30.208:62566;ob>
<--- Transmitting (NAT) to 111.108.30.208:63852 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TCP 192.168.100.231:62150;branch=z9hG4bKPjcf39eb0d9b62487f9d334f67373ce98d;alias;received=111.108.30.208;rport=63852
From: sip:1000#192.168.80.123;tag=967faa9ed6f74b0189abfce3da60ba01
To: sip:1000#54.178.185.181
Call-ID: 188d3fbfedf0444e9e528ab83ea38416
CSeq: 30965 INVITE
Server: Asterisk PBX 13.22.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Session-Expires: 1800;refresher=uac
Contact: <sip:1000#54.178.185.181:15060;transport=tcp>
Content-Length: 0
<------------>
-- Executing [1000#phones:1] NoOp("SIP/1000-00000004", "First Line") in new stack
-- Executing [1000#phones:2] DumpChan("SIP/1000-00000004", "") in new stack
Dumping Info For Channel: SIP/1000-00000004:
================================================================================
Info:
Name= SIP/1000-00000004
Type= SIP
UniqueID= 1532505135.6
LinkedID= 1532505135.6
CallerIDNum= 1000
CallerIDName= (N/A)
ConnectedLineIDNum= (N/A)
ConnectedLineIDName=(N/A)
DNIDDigits= 1000
RDNIS= (N/A)
Parkinglot= default
Language= ja
State= Ring (4)
Rings= 0
NativeFormat= (ulaw)
WriteFormat= ulaw
ReadFormat= ulaw
RawWriteFormat= ulaw
RawReadFormat= ulaw
WriteTranscode= No
ReadTranscode= No
1stFileDescriptor= 29
Framesin= 0
Framesout= 0
TimetoHangup= 0
ElapsedTime= 0h0m0s
BridgeID= (Not bridged)
Context= phones
Extension= 1000
Priority= 2
CallGroup= 1
PickupGroup= 1
Application= DumpChan
Data= (Empty)
Blocking_in= (Not Blocking)
Variables:
SIPCALLID=188d3fbfedf0444e9e528ab83ea38416
SIPDOMAIN=54.178.185.181
SIPURI=sip:1000#111.108.30.208:62566
================================================================================
-- Executing [1000#phones:3] NoOp("SIP/1000-00000004", "Second Line") in new stack
-- Executing [1000#phones:4] Dial("SIP/1000-00000004", "SIP/1000/1000") in new stack
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
Audio is at 25572
Adding codec ulaw to SDP
Adding codec alaw to SDP
Adding codec gsm to SDP
Adding non-codec 0x1 (telephone-event) to SDP
Reliably Transmitting (NAT) to 111.108.30.208:62566:
INVITE sip:1000#111.108.30.208 SIP/2.0
Via: SIP/2.0/UDP 54.178.185.181:15060;branch=z9hG4bK770f26db;rport
Max-Forwards: 70
From: <sip:1000#54.178.185.181:15060>;tag=as14588959
To: <sip:1000#111.108.30.208>
Contact: <sip:1000#54.178.185.181:15060>
Call-ID: 3538e60b5e8c2c1b66ef00297fd218e0#54.178.185.181:15060
CSeq: 102 INVITE
User-Agent: Asterisk PBX 13.22.0
Date: Wed, 25 Jul 2018 07:52:15 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 303
v=0
o=root 1946525208 1946525208 IN IP4 54.178.185.181
s=Asterisk PBX 13.22.0
c=IN IP4 54.178.185.181
t=0 0
m=audio 25572 RTP/AVP 0 8 3 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
---
-- Called SIP/1000/1000
<--- SIP read from UDP:111.108.30.208:62566 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 54.178.185.181:15060;rport=15060;received=54.178.185.181;branch=z9hG4bK770f26db
Call-ID: 3538e60b5e8c2c1b66ef00297fd218e0#54.178.185.181:15060
From: <sip:1000#54.178.185.181>;tag=as14588959
To: <sip:1000#111.108.30.208>
CSeq: 102 INVITE
Content-Length: 0
<------------->
--- (7 headers 0 lines) ---
[Jul 25 16:52:15] NOTICE[1088]: chan_sip.c:15753 sip_reregister: -- Re-registration for 53065174#okj.sip.0038.net
REGISTER 12 headers, 0 lines
Reliably Transmitting (NAT) to 61.213.230.145:5060:
REGISTER sip:okj.sip.0038.net SIP/2.0
Via: SIP/2.0/UDP 54.178.185.181:15060;branch=z9hG4bK0b40ee91;rport
Max-Forwards: 70
From: <sip:53065174#okj.sip.0038.net>;tag=as7641fec7
To: <sip:53065174#okj.sip.0038.net>
Call-ID: 1fa69de43da6b2d9011b348e26cb4c7b#127.0.0.1
CSeq: 134 REGISTER
Supported: replaces, timer
User-Agent: Asterisk PBX 13.22.0
Authorization: Digest username="53065174", realm="okj.sip.0038.net", algorithm=MD5, uri="sip:okj.sip.0038.net", nonce="0ad266c5", response="d17a1a4a0db40775e77eeb0fcbc6581a"
Expires: 120
Contact: <sip:s#54.178.185.181:15060>
Content-Length: 0
---
<--- SIP read from UDP:61.213.230.145:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 54.178.185.181:15060;branch=z9hG4bK0b40ee91;rport
From: <sip:53065174#okj.sip.0038.net>;tag=as7641fec7
To: <sip:53065174#okj.sip.0038.net>;tag=as32fa296b
Call-ID: 1fa69de43da6b2d9011b348e26cb4c7b#127.0.0.1
CSeq: 134 REGISTER
WWW-Authenticate: Digest algorithm=MD5, realm="okj.sip.0038.net", nonce="2820b83b"
Content-Length: 0
<------------->
--- (8 headers 0 lines) ---
Responding to challenge, registration to domain/host name okj.sip.0038.net
REGISTER 12 headers, 0 lines
Reliably Transmitting (NAT) to 61.213.230.145:5060:
REGISTER sip:okj.sip.0038.net SIP/2.0
Via: SIP/2.0/UDP 54.178.185.181:15060;branch=z9hG4bK34214824;rport
Max-Forwards: 70
From: <sip:53065174#okj.sip.0038.net>;tag=as7641fec7
To: <sip:53065174#okj.sip.0038.net>
Call-ID: 1fa69de43da6b2d9011b348e26cb4c7b#127.0.0.1
CSeq: 135 REGISTER
Supported: replaces, timer
User-Agent: Asterisk PBX 13.22.0
Authorization: Digest username="53065174", realm="okj.sip.0038.net", algorithm=MD5, uri="sip:okj.sip.0038.net", nonce="2820b83b", response="4af3e85f4d165cb5ac9a9fa697a98438"
Expires: 120
Contact: <sip:s#54.178.185.181:15060>
Content-Length: 0
---
<--- SIP read from UDP:61.213.230.145:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 54.178.185.181:15060;branch=z9hG4bK34214824;rport
From: <sip:53065174#okj.sip.0038.net>;tag=as7641fec7
To: <sip:53065174#okj.sip.0038.net>;tag=as32fa296b
Call-ID: 1fa69de43da6b2d9011b348e26cb4c7b#127.0.0.1
CSeq: 135 REGISTER
Expires: 120
Contact: <sip:s#54.178.185.181:15060>;expires=120
Date: Wed, 25 Jul 2018 07:52:15 GMT
Content-Length: 0
<------------->
There doesn’t seem to be any errors in the log files
What am I missing here?
How is it possible that this problem comes up.
I personally thought it has something to do with the codex,
but after hours of searching, I don’t really know it anymore.
Thank you for your input
It’s highly appreciated.
Wesley
Try add to sip.conf to ACCOUNT-COMMON section next options.
disallow=all
allow=alaw
allow=ulaw
First INVITE contain "speex" codec initiate to.
I have to debug a crash. But everytime my system crash it failed to dump the crashdump into the swap memory. The erorr i am seeing is:-
**Uptime: 7m32s
Dumping 3735 out of 131037 MB:..1%(ada0:ahcich0:0:0:0): WRITE_DMA48. ACB: 35 00 16 c9 c3 40 39 00 00 00 08 00
(ada0:ahcich0:0:0:0): CAM status: CCB request was invalid
(ada0:ahcich0:0:0:0): Error 22, Unretryable error
Aborting dump due to I/O error.
** DUMP FAILED (ERROR 22) **
**
In my rc.conf i have set the dumpdev to AUTO and my swap memory is 4GB.
Here is the ouput of fstab:-
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0p2 / ufs rw 1 1
/dev/ada0p3 none swap sw 0 0
Thanks
Your swap partition is smaller than your memory.
How do you expect 12 Gig to fit into 4Gig?
Recently, I bought a PositiveSSL certificate from Namecheap. I've been wanting to apply them to my website for use with iRedMail and WordPress, but I've had no luck doing this.
I received a ZIP file containing four files, and I don't understand what to do with them.
The four files are:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
www_mydomain_com.crt
My current settings in Postfix main.cf for SSL are:
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
# smtpd_tls_CAfile =
My current settings in Dovecot dovecot.conf for SSL are:
ssl = required
verbose_ssl = no
#ssl_ca =
ssl_cert = </etc/pki/tls/certs/iRedMail_CA.pem
ssl_key = </etc/pki/tls/private/iRedMail.key
I'm assuming I'm meant to change these entries to accommodate the new certificates, but I just don't know how to set this up at all.
I have the .key and .csr files from when I generated the certificates, as well.
Can anyone help me out here? I've never had to set all of this up (and I'm a bit of a Linux novice), so I'm at a complete loss here. Also, I'm running Scientific Linux 6 64bit, if that makes any difference. I don't have any GUI (like cPanel) set up, either.
Thank you in advance.
I don't understand what to do with them.
* AddTrustExternalCARoot.crt
* COMODORSAAddTrustCA.crt
* COMODORSADomainValidationSecureServerCA.crt
* www_mydomain_com.crt
You need to build a certificate chain for the server to serve. You can't just send the end-entity (server certificate). Here's how you do it with the files that were provided to you.
Ignore this one. Its the CA, and the client must already have it and trust it:
AddTrustExternalCARoot.crt
Concatemate these three into a single file, in this particular order. Call it something like www_mydomain_com_chain.pem:
www_mydomain_com.crt
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
After concatenation, the file should look like:
-----BEGIN CERTIFICATE-----
<server certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----
Plug the file with the concatenated certificates into smtpd_tls_cert_file.
You can test you rig with the following. It should finish with a message similar to Verify Result 0 (Ok).
openssl s_client -connect <server>:465 -CAfile AddTrustExternalCARoot.crt
Note: for testing, its important to pick a mail port that transport over SSL/TLS, like 465 or 995. Its easier than trying to coordinate a -starttls option within s_client.
Related: COMODORSADomainValidationSecureServerCA.crt is really an intermediate certificate. You can find it at [Intermediate #2 (SHA-2)] Comodo RSA Domain Validation Secure Server CA.
Related: COMODORSAAddTrustCA.crt is really an intermediate certificate. You can find it at [Intermediate #1] COMODO AddTrust Server CA.
Related: someone had a similar issue recently using Comodo's gear. See SSL site and browser warning.
The server is once again using the configuration provided above, and the domain is "www.lildirt.com". Again, I ran a check using DigiCert's tool, and it's still saying I'm using my old self-signed certificate (that expires in 10 years), but I've changed the settings above.
OK, your mail server is mail.lildirt.com:
$ dig lildirt.com mx
; <<>> DiG 9.8.5-P1 <<>> lildirt.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27746
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;lildirt.com. IN MX
;; ANSWER SECTION:
lildirt.com. 1799 IN MX 10 mail.lildirt.com.
;; Query time: 109 msec
;; SERVER: 172.16.1.10#53(172.16.1.10)
;; WHEN: Mon Aug 11 18:33:49 EDT 2014
;; MSG SIZE rcvd: 50
Now, check it with OpenSSL. You don't have Secure SMTP running:
$ openssl s_client -connect mail.lildirt.com:465 -CAfile AddTrustExternalCARoot.crt
connect: Connection refused
connect:errno=61
And you don't have SSL/TLS enabled on 995 (or 587 and 993 for that matter):
$ openssl s_client -connect mail.lildirt.com:995 -CAfile AddTrustExternalCARoot.crt
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
...
And this is a problem:
$ telnet mail.lildirt.com 25
Trying 107.178.109.102...
telnet: connect to address 107.178.109.102: Operation timed out
telnet: Unable to connect to remote host
Is Postfix even running?
The server is once again using the configuration provided above, and the domain is "www.lildirt.com". Again, I ran a check using DigiCert's tool, and it's still saying I'm using my old self-signed certificate
Why are you running a tool against www.lildirt.com:443? The problem you presented is for Postfix and a mail server configuration. www.lildirt.com has nothing to do with your question.
If interested, you don't need web based tools. OpenSSL gives you everything you need to know:
$ openssl s_client -connect www.lildirt.com:443
CONNECTED(00000003)
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.lildirt.com, OU = IT, CN = mail.lildirt.com, emailAddress = root#mail.lildirt.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.lildirt.com, OU = IT, CN = mail.lildirt.com, emailAddress = root#mail.lildirt.com
verify return:1
...
And:
$ openssl s_client -connect www.lildirt.com:443 | openssl x509 -text -noout
...
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17052364516268315109 (0xeca62b2e24a611e5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CN, ST=GuangDong, L=ShenZhen, O=mail.lildirt.com, OU=IT, CN=mail.lildirt.com/emailAddress=root#mail.lildirt.com
Validity
Not Before: Jun 1 21:42:41 2014 GMT
Not After : May 29 21:42:41 2024 GMT
Subject: C=CN, ST=GuangDong, L=ShenZhen, O=mail.lildirt.com, OU=IT, CN=mail.lildirt.com/emailAddress=root#mail.lildirt.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9a:53:ff:41:29:4f:41:01:62:40:1b:8d:98:81:
50:21:7a:c9:d6:29:fb:1d:67:68:de:9f:22:b9:36:
23:56:c4:75:aa:44:75:29:2b:84:9f:0b:0a:e4:d3:
4d:a1:94:8c:04:a4:35:f4:fa:03:1a:46:28:8c:a4:
c5:63:76:72:92:f1:a5:f8:75:cc:61:64:5b:c4:12:
70:a6:d0:da:62:b9:f2:d0:b9:65:d8:06:d9:aa:40:
21:fb:2b:df:12:e2:d3:7c:a9:0e:4e:d3:91:21:2d:
ad:d1:9c:1a:bf:fd:38:05:ef:9c:6e:61:2f:f9:22:
75:94:b1:2a:29:8b:45:b0:aa:fe:31:f3:32:9d:ce:
cc:2d:5d:e9:c6:0a:06:37:fd:ce:5d:09:1c:bf:98:
b7:d5:cc:2a:2f:e3:ba:79:a4:54:4e:70:de:dd:49:
e6:71:27:eb:14:ed:80:e1:bc:ab:04:c9:73:90:8d:
91:a7:c5:73:16:22:3d:a6:3b:84:5b:0e:a7:ec:1e:
67:c4:59:d9:76:17:37:16:02:94:d7:eb:82:e6:ae:
93:04:92:d7:2b:b4:6f:8a:d4:2b:64:77:9f:89:30:
34:a2:99:4a:f9:ac:d0:ec:c0:e0:0d:34:dc:03:53:
1e:35:96:4d:15:aa:46:70:b5:11:aa:41:84:84:00:
bc:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:6C:14:8A:E0:6F:7D:D9:80:BF:9A:80:A4:16:11:D4:C7:83:07:FB
X509v3 Authority Key Identifier:
keyid:1A:6C:14:8A:E0:6F:7D:D9:80:BF:9A:80:A4:16:11:D4:C7:83:07:FB
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
4b:78:ac:8d:09:a0:c1:a0:66:66:c6:6c:4e:40:75:a8:00:08:
d6:be:31:f3:0f:48:7c:2d:ed:c6:2e:b9:39:06:38:66:a3:68:
23:0a:d6:11:cf:2c:9d:18:60:37:25:a2:24:0f:9c:4a:2a:09:
cc:e0:5b:36:3b:0d:47:01:47:6e:11:5a:7e:0d:9e:aa:7d:1b:
41:3e:37:2f:b5:72:45:62:8f:cf:6f:27:d6:6f:5b:1c:bc:c7:
9a:10:85:41:6c:c9:2f:7f:c6:b5:eb:cc:8c:ca:33:4a:83:ab:
7a:fd:6b:dc:23:44:79:79:3b:8e:dd:de:77:d6:8e:e7:06:28:
53:66:b9:96:ef:ad:04:7e:dd:23:99:6e:d8:9e:c5:3a:d9:ef:
25:be:ee:90:f4:47:16:17:16:fe:37:da:f4:a9:cd:8c:54:47:
ad:ed:ce:30:69:23:ee:58:23:bb:8f:db:0a:b7:4f:fb:00:95:
34:c2:25:3a:37:20:2b:7d:3a:19:1c:ad:75:29:4e:f5:cb:de:
8d:98:54:e7:f4:1c:24:a8:62:b2:0b:3e:71:2d:1a:b9:98:59:
ca:66:ac:68:a7:a0:0a:da:8f:35:8c:d1:ba:33:1f:a4:39:bc:
fd:58:a3:67:4d:eb:c2:00:9c:36:9a:a7:58:2c:2a:f1:38:c9:
13:74:e0:04
From above, (1) no DNS names in Common Name (its deprecated by both the IETF and CA/Browser Forums); (2) CA:FALSE (not TRUE since you are not issuing certificates); (3) add DNS names to Subject Alternate Names (required by CA/Browser Forums).
See SSL Certificate Verification : javax.net.ssl.SSLHandshakeException on how to issue a self signed with the proper attributes and multiple DNS names in the Subject Alternate Name (SAN).
Here's an example for armor-cloud.com. This is what its supposed to look like for Secure IMAP on port 993. You should get nearly similar results assuming you provide Secure IMAP. The difference is the domain and the CA. Notice the command finishes with Verify Return Code: 0 (ok).
$ openssl s_client -connect mail.armor-cloud.com:993 -CAfile startcom-ca.pem
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/CN=mail.armor-cloud.com/emailAddress=webmaster#armor-cloud.com
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGTDCCBTSgAwIBAgIDEMlWMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQwNTI5MjIzODQy
WhcNMTUwNTMwMDYzMDAwWjBWMQswCQYDVQQGEwJVUzEdMBsGA1UEAxMUbWFpbC5h
cm1vci1jbG91ZC5jb20xKDAmBgkqhkiG9w0BCQEWGXdlYm1hc3RlckBhcm1vci1j
bG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSL72lQJya
JQ6vvXQpWUzAjOxuI+5u2bmBmblc7AoFDwOoFozg1aEUz5B7q/9DcJZpX8eF76JG
3E/zoU8s7pq30U1LAbg3d7Rg5OTc8bJd21BdUz8Bt3OctFxTKhddYpSkM3LjGEuR
9tRzTCY/KDFglZMBDoz4iJdHFTL3WaCCuvulaanz/zMFx2Kp4p9Jep8/BR4OtfOx
8RexSVwmjXm+CmN6npBl2cl3Li4XUKqfr9uMD24cNgom/Plt3lq4FQpGsb8k29S0
6JMJYpKXFVM/XGKNI8g3aQdxi3daQiTgngtw8r7n8nHUTIOIl/kg3dfDwSYW6sE/
LyXfjYl+XY2/AgMBAAGjggLqMIIC5jAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAT
BgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUqOXcMohVao8F4j9YVhdZj98N
WxkwHwYDVR0jBBgwFoAU60I00Jiwq5/0G2sI98xkLu8OLEUwMAYDVR0RBCkwJ4IU
bWFpbC5hcm1vci1jbG91ZC5jb22CD2FybW9yLWNsb3VkLmNvbTCCAVYGA1UdIASC
AU0wggFJMAgGBmeBDAECATCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEFBQcC
ARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYBBQUH
AgIwgeowJxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIBARqB
vlRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhlIENs
YXNzIDEgVmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29tIENB
IHBvbGljeSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBvc2Ug
aW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9ucy4w
NQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0MS1j
cmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz
cC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMS9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKG
Nmh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuc2VydmVy
LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJ
KoZIhvcNAQELBQADggEBAGN4+kuLiZdUVgNL2cjLLv5IeLhq5Ly35BKJ8SohkKdM
B2cWOC3r+iFohxRI+VvILOwh7GCuWsWWJLOd17klgWf3EF7EkYFyR4PB6m71BdRD
RTNDXw27Xw0lADMBP36f28lo8X26EJbpav7MVNK9gqbdHU/dEYfY34S9li/iXe2n
E7Resh/vPEmFuebSrpHrfUT5fWWsbZKWcEZOWJwd8nqztI/7TdI63H9O1BgrCxQ/
lL+t9HsRfoh7EjEmjYy7O4q1oFAa0RmYvsikhVJo++6gsyPKHcOKzb65RWb2RTiM
lzbvqlg3+XplAdVzzqC+M0C5JHeIXAZosWTmkgDGPHU=
-----END CERTIFICATE-----
subject=/C=US/CN=mail.armor-cloud.com/emailAddress=webmaster#armor-cloud.com
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3524 bytes and written 626 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: E6CD57CF3A522AC3093C3A734EE8C8369F8ECD5A0C1206FB77184D481910B9B8
Session-ID-ctx:
Master-Key: 5DC080AC9627E8294A2C675D5177BFDC25B897371FEA36944CB60181B4C39D15E284DCB04A174AECCB41175430FFBFF3
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 29 80 70 c1 ea 19 57 e3-25 5b ee eb 12 39 f8 c3 ).p...W.%[...9..
0010 - 97 c6 38 82 cd 4e a2 5d-ba b9 06 5f 4f 62 25 34 ..8..N.]..._Ob%4
0020 - a1 6b 49 04 8a 8b 9f d2-e7 3c 0d 63 70 ae dc aa .kI......<.cp...
0030 - 9f d5 a1 d1 e4 26 01 bb-0e 1a f7 7f 35 0e af 6b .....&......5..k
0040 - 28 70 be e0 d3 4f 93 62-c8 2c 2c 43 2a 32 71 f3 (p...O.b.,,C*2q.
0050 - 4a 1b 5a 35 4c d5 e2 e6-ad c1 65 18 42 4b 67 89 J.Z5L.....e.BKg.
0060 - 8b 97 95 dd cf 0f 3e b1-32 6e 52 a0 77 9c 86 cc ......>.2nR.w...
0070 - 47 39 b4 66 60 33 74 12-b1 25 a5 4e 71 0d 60 e5 G9.f`3t..%.Nq.`.
0080 - 79 8f a3 9c 06 a1 5b cc-a3 f7 c4 bd f4 86 77 0c y.....[.......w.
0090 - 5f 24 57 38 06 fa a2 34-57 e7 64 56 ce 73 24 ad _$W8...4W.dV.s$.
Start Time: 1407799533
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
* OK IMAPrev1
im testing gnugk, openmcu along with a few tandberg vc units for a video conference call.
my config is....
gnugk + openmcu => 10.21.34.2
tandberg vc =>10.21.34.151..
When i invite VC for conference for the fist time from openmcu web interface, it connect for a while and it shows connecting but soon the call terminates itself.
A few log messages from gnugk are (at the time of conecting and disconnecting)...
011/06/27 17:59:57.968 3 ProxyChannel.cxx(965) Q931d Received: Alerting CRV=24075 from 10.21.34.151:1720
2011/06/27 18:00:01.978 3 ProxyChannel.cxx(965) Q931d Received: Connect CRV=24075 from 10.21.34.151:1720
2011/06/27 18:00:01.978 2 gkacct.cxx(1043) GKACCT Successfully logged event 32 for call no. 18
2011/06/27 18:00:01.978 3 ProxyChannel.cxx(4400) H245 Set h245Address to 10.21.34.2:53057
2011/06/27 18:00:01.981 3 ProxyChannel.cxx(4319) H245 Connected from 10.21.34.2:46867 on 10.21.34.2:53057
2011/06/27 18:00:01.982 3 ProxyChannel.cxx(4351) H245 Connect to 10.21.34.151:11011 from 10.21.34.2:0 successful
2011/06/27 18:00:02.080 3 ProxyChannel.cxx(1163) H245 ERROR DECODING H.245 from 10.21.34.2:43717
2011/06/27 18:00:11.993 3 ProxyChannel.cxx(965) Q931s Received: ReleaseComplete CRV=24075 from 10.21.34.2:43717
2011/06/27 18:00:11.993 1 RasTbl.cxx(3534) CDR|18|06 78 94 d6 26 9f e0 11 90 3b 00 0c 29 21 33 74|10|Mon, 27 Jun 2011 18:00:01 +0530|Mon, 27 Jun 2011 18:00:11 +0530|10.21.34.2:43717|4125_endp|10.21.34.151:1720|4121_endp|10.21.34.151:1720|OpenH323 MCU v2.2.1:h323_ID|GnuGk;
Any help can enlighten me...
Thx.
It looks like your GnuGk can't decode one of the H.245 messages. Are you using the latest version (2.3.4) ?
This might be something to ask on the GnuGk mailinglist (subscribe through www.gnugk.org).