minisip point to point TLS problem
Mikael Magnusson
mikma264 at gmail.com
Tue Aug 7 23:01:29 CEST 2007
On Thu, Jul 05, 2007 at 07:25:15PM +0200, larrykind wrote:
> Hi everyone,
> I'm trying to keep two minisip instances in TLS point to point
> communication, without proxy in the middle ( I'm using the trunk 3351
> version). The calling procedure works fine, minisip tells me the call
> is "secure", so the certificates and keys I made with openssl seems to
> work.
> Effectively when I go analyze my ethernet traffic with ethereal the
> packets seem to be encrypted (the two minisip have the same settings),
> but it tells me also that NO packet goes through the 5061 port!
> Everything goes through 5060 port, SIP signalling also.
> Furthermore I tried to call the other side minisip at 5061 port
> (something like bob at 192.168.xxx.xxx:5061), but It doesn't work, the
> receiver doesn't signal there is an incoming call, even if ethereal
> signals me that effectively an "INVITE" packet passed through the 5061
> port. The INVITE on 5061 is refused it with an "ICMP - port
> unreachable" message. Could someone explain me what is my mistake?
> Maybe I need to use a proxy/registrar?
> Thank you very much.
>
> Larry
You need to add a transpor parameter specifying "tls" to the url,
otherwise it doesn't use tls.
For example: bob at 192.168.xxx.xxx:5061;transport=tls
Btw, in minisip the secure icon means media is protected, not
SIP signalling. When enabling tls in a SIP account, all SIP
signalling to the SIP proxy will be protected.
/Mikael M
More information about the Minisip-users
mailing list