TIPS Voip.ms Announces Encryption. Anybody got it to work?

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
So, I've tried using the instructions in this post:
https://www.dslreports.com/forum/r32328534-

And I had no luck.

Code:
                                                Incredible PBX 13.17.1 for Scientific Linux

                                                Asterisk: UP      Apache: UP    MySQL: UP
                                                SendMail: UP    IPtables: UP      SSH: UP
                                                LAN port: UP    Fail2Ban: UP   Webmin: UP
                                                GV OAUTH: UP   PortKnock: UP   NR VPN: UP
                                                FaxGetty: UP   IAX Modem: UP  HylaFax: UP

                                                RAM:19MB Scientific Linux 6.7  Disk:4.1GB

                                                Asterisk 13.17.1    Incredible GUI 12.0.39

Anyone have advice?

Might spin up a new server to attempt this with, this one's been running for a couple of years so I think it's time for a refresh anyway.
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
Code:
[2019-03-19 07:25:25] VERBOSE[5609][C-00000000] app_dial.c: Called SIP/voipms/4443
[2019-03-19 07:25:25] WARNING[5454][C-00000000] sdp_srtp.c: Could not set SRTP policies
[2019-03-19 07:25:25] WARNING[5454][C-00000000] chan_sip.c: Rejecting secure audio stream without encryption details: audio 18714 RTP/SAVP 0 $
[2019-03-19 07:25:25] VERBOSE[5609][C-00000000] app_dial.c: Everyone is busy/congested at this time (1:0/0/1)
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
Thanks Ward, you may have noticed I linked that in my post. It didn't work for me. Curious if it's just me, or something else.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Oops. Sorry. Haven't tried it yet, but it's on my list.
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
So I spun up a new server:
Code:
                                                              Incredible PBX/FAX 13-13.10 for CentOS 6

                                                              Asterisk: UP      Apache: UP    MySQL: UP
                                                              SendMail: UP    IPtables: UP      SSH: UP
                                                              LAN port: UP    Fail2Ban: UP   Webmin: UP
                                                              GV OAUTH: UP   PortKnock: UP   NR VPN: UP
                                                              FaxGetty: UP   IAX Modem: UP  HylaFax: UP

                                                              RAM:339MB CentOS release 6.10  Disk:17GB

                                                              Asterisk 13.25.0    Incredible 13.0.122.60
And following the post on DSL Reports, it appears to be successful. I did have to set the system to SSLv1 though, but that was easy to see.

Haven't done extensive testing, but I can call the echo test.
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
Short lived. No incoming with this set up. The call doesn't appear to hit the server, at all. IPTables off and all. If I set it all to un-encrypted the call works.
 

markrmcs

Member
Joined
Jan 4, 2008
Messages
51
Reaction score
10
Short lived. No incoming with this set up. The call doesn't appear to hit the server, at all. IPTables off and all. If I set it all to un-encrypted the call works.

Is it possible that the server needs to have a valid cert to to allow incoming TLS connections?
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
I think I'll just wait until Ward produces a nice magic document that has been tested and proven. Or at least something that is known to work, somewhat. Then I'll be an early adopter and give it a whirl. But you are right @markrmcs , it could be a cert issue on my server.
 

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
I don't see any options on my account to enable this.
 

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
Joined the beta program and I see those options now. Next steps?
 

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
I tried setting things up as per the instructions on DSLReports, and I get this message spamming my console

Code:
[2019-03-21 20:41:27] NOTICE[31385]: chan_sip.c:15920 sip_reg_timeout:    -- Registration for '[email protected]' timed out, trying again (Attempt #3)
[2019-03-21 20:41:27] WARNING[9277]: tcptls.c:900 __ssl_setup: Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!
[2019-03-21 20:41:27] ERROR[9277]: tcptls.c:695 handle_tcptls_connection: Problem setting up ssl connection: error:00000006:lib(0):func(0):EVP lib, Unknown
[2019-03-21 20:41:27] WARNING[9277]: tcptls.c:782 handle_tcptls_connection: FILE * open failed!
 

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
So just an update: I changed to tlsv1 as the error suggested. My PBX registers, and I can make calls going OUT, but I have NO incoming. Same problem as @tbrummell
 

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
So I have some good news. After flipping the switch to turn on TLS and selecting the default cert, making sure to set the TLS bind to 5061, changing PJSIP to 5062, performing a reboot, then making sure the settings stuck, inbound calls work.
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
I guess you hit on the magic solution. I attempted this again, with a brand new install. I for the life of me cannot make it work. Out works, but nothing in. Must get back to the job that pays the bills now so time to destroy the VM.
 

Members online

Forum statistics

Threads
25,778
Messages
167,504
Members
19,198
Latest member
serhii
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top