TLS Problem

Discussion in '3CX Phone System - General' started by Anonymous, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. Anonymous

    Anonymous Guest

    Hello!

    our setup:
    3cx-server behind a NAT with all necessary ports forwarded
    3cxphone extensions (in a different location) behind a full-cone NAT

    everything works fine, great audio, SRTP works too.

    now, if we set up TLS (everything according to the how-to from the blog), we get a register, but it says "Authorization system can not identify source of: SipReq", followed by connection data which seems to be pretty valid, too. The connection is established, though.

    further, if you make a call from that extension, it is rejected and we read the following in the log: "Unidentified incoming call. Review INVITE and adjust source identification".

    calls TO that extension work regardless.

    if we go on and set up a tunnel within the 3cxphone, it seems to start working, BUT: there is no TLS any more (UDP transport is showing in the logs).

    can anyone help? thank you.

    Roman.
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,356
    Likes Received:
    224
    When you do a call set-up, is it using the Public IP or a URL at the 3CX end? This information needs to be put into 3CX as the Host Domain.
     
  3. Anonymous

    Anonymous Guest

    it is using a public IP.

    this ip is also configured in 3cx-server in "Network/STUN" and "Network/Public IP"
     
  4. leejor

    leejor Well-Known Member

    But.... did you put it in as the "SIP Domain" (thinking about it, I don't believe it's called host domain in the settings) in 3CX?
     
  5. Anonymous

    Anonymous Guest

    Aha! the setting is called "SIP Domain" and it is now much better. Registration is now without errors and the calls from that extension work also.

    Thank you for your tip, leejor, strange this was not mentioned in the tls-howto.

    Still, there are two problems that remain:

    1. I get an error logged during a call from that extension every several seconds: "Got TLS read ret=0 error=6 error:00000006:lib(0):func(0):EVP lib". Could this be ignored?

    2. There is only one instance of the softphone I managed to configure successfully. All other instances get a "server unreachable" while the server logs an error "unknown CA". We've tested the clients within the same network and also in other networks to no avail. We checked the configuration many times, reimported the cert just to make sure it is the one and still, no progress.
     