한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유

   ◎위챗 : speedseoul


  
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


https://github.com/OpenSIPS/opensips/blob/master/modules/tls_mgm/README


TLS_MGM module

Peter Griffiths

   unknown

Klaus Darilion

   enum.at

Edited by

Klaus Darilion

Edited by

Bogdan-Andrei Iancu

Edited by

Cesc Santasusana

Edited by

Klaus Darilion

Edited by

Christian Lahme

Edited by

Ionut-Razvan Ionita

Edited by

Marius Cristian Eseanu

Edited by

Robert-Vladut Patrascu

   Copyright © 2005 Voice Sistem SRL

   Copyright © 2005 Cesc Santasusana

   Copyright © 2006 enum.at

   Copyright © 2013 Secusmart GmbH

   Copyright © 2015 OpenSIPS Solutions
     __________________________________________________________

   Table of Contents

   1. Admin Guide

        1.1. Overview
        1.2. Usage
        1.3. TLS domains
        1.4. Defining TLS domains
        1.5. Dependencies of external libraries
        1.6. Exported Functions

              1.6.1. is_peer_verified

        1.7. Exported MI Functions

              1.7.1. tls_list
              1.7.2. tls_reload

        1.8. OpenSIPS Exported parameters

              1.8.1. listen=interface
              1.8.2. tls_method ([domain]string)
              1.8.3. certificate ([domain](string)
              1.8.4. private_key ([domain](string)
              1.8.5. ca_list ([domain](string)
              1.8.6. ca_dir ([domain](string)
              1.8.7. ciphers_list ([domain](string)
              1.8.8. dh_params ([domain](string)
              1.8.9. ec_curve ([domain](string)
              1.8.10. verify_cert ([domain](string) and
                      require_cert ([domain](string)

              1.8.11. tls_handshake_timeout (integer) and
                      tls_send_timeout (integer)

              1.8.12. client_domain_avp (integer)
              1.8.13. db_url (string)
              1.8.14. db_table (string)
              1.8.15. domain_col (string)
              1.8.16. address_col (string)
              1.8.17. tls_method_col (string)
              1.8.18. verify_cert_col (string)
              1.8.19. require_cert_col (string)
              1.8.20. certificate_col (string)
              1.8.21. private_key_col (string)
              1.8.22. crl_check_all_col (string)
              1.8.23. crl_dir_col (string)
              1.8.24. ca_list_col (string)
              1.8.25. ca_dir_col (string)
              1.8.26. cipher_list_col (string)
              1.8.27. dh_params_col (string)
              1.8.28. ec_curve_col (string)
              1.8.29. server_domain, client_domain (string)

        1.9. Variables

              1.9.1. $tls_version
              1.9.2. $tls_description
              1.9.3. $tls_cipher_info
              1.9.4. $tls_cipher_bits
              1.9.5. $tls_[peer|my]_version
              1.9.6. $tls_[peer|my]_serial
              1.9.7. $tls_[peer|my]_[subject|issuer]
              1.9.8. $tls_[peer|my]_[subject|issuer]_cn
              1.9.9. $tls_[peer|my]_[subject|issuer]_locality
              1.9.10. $tls_[peer|my]_[subject|issuer]_country
              1.9.11. $tls_[peer|my]_[subject|issuer]_state
              1.9.12. $tls_[peer|my]_[subject|issuer]_organization
              1.9.13. $tls_[peer|my]_[subject|issuer]_unit
              1.9.14. $tls_[peer|my]_san_email
              1.9.15. $tls_[peer|my]_san_hostname
              1.9.16. $tls_[peer|my]_san_uri
              1.9.17. $tls_[peer|my]_san_ip
              1.9.18. $tls_peer_verified
              1.9.19. $tls_peer_revoked
              1.9.20. $tls_peer_expired
              1.9.21. $tls_peer_selfsigned
              1.9.22. $tls_peer_notBefore
              1.9.23. $tls_peer_notAfter

        1.10. OpenSIPS with TLS - script example
        1.11. Debug TLS connections

   2. Developer Guide

        2.1. API Functions

              2.1.1. find_server_domain
              2.1.2. find_client_domain
              2.1.3. get_handshake_timeout
              2.1.4. get_send_timeout

        2.2. TLS_CONFIG
        2.3. TLS_INIT

              2.3.1. ssl context
              2.3.2. pre_init_tls
              2.3.3. init_tls
              2.3.4. destroy_tls
              2.3.5. tls_init
              2.3.6. os_malloc, os_realloc, os_free

        2.4. TLS_DOMAIN

              2.4.1. tls_domains
              2.4.2. tls_find_server_domain
              2.4.3. tls_find_client_domain
              2.4.4. tls_find_client_domain_addr
              2.4.5. tls_find_client_domain_name
              2.4.6. tls_new__domain
              2.4.7. tls_new_server_domain
              2.4.8. tls_new_client_domain
              2.4.9. tls_new_client_domain_name
              2.4.10. tls_free_domains

   List of Examples

   1.1. is_peer_verified usage
   1.2. Set listen variable
   1.3. Set tls_method variable
   1.4. Set certificate variable
   1.5. Set private_key variable
   1.6. Set ca_list variable
   1.7. Set ca_dir variable
   1.8. Set ciphers_list variable
   1.9. Set dh_params variable
   1.10. Set verify_cert & require_cert variable
   1.11. Set tls_handshake_timeout & tls_send_timeout variable
   1.12. Set tls_client_domain_avp variable
   1.13. Usage of db_url block
   1.14. Usage of db_table block
   1.15. Usage of domain_col block
   1.16. Usage of address_col block
   1.17. Usage of tls_method_col block
   1.18. Usage of vertify_cert_col block
   1.19. Usage of require_cert_col block
   1.20. Usage of certificate_col block
   1.21. Usage of private_key_col block
   1.22. Usage of crl_check_all block
   1.23. Usage of crl_dir_col block
   1.24. Usage of ca_list_col block
   1.25. Usage of ca_dir_col block
   1.26. Usage of cipher_list_col block
   1.27. Usage of dh_params_col block
   1.28. Usage of ec_curve_col block
   1.29. Usage of tls_client_domain and tls_server_domain block
   1.30. Example of $tls_[peer|my]_[subject|issuer]
   1.31. Script with TLS support
   1.32. Example of TLS logging

Chapter 1. Admin Guide

1.1. Overview

   This module is a management module for TLS certificates and
   parameters. It provides an interfaces for all the modules that
   use the TLS protocol. It also implements TLS related functions
   to use in the routing script, and exports pseudo variables with
   certificate and TLS parameters.

1.2. Usage

   This module is used to provision TLS certificates and
   parameters for all the modules that use TLS transport (like
   proto_tls or proto_wss). The module supports multiple virtual
   domains that can be assigned to different listeners (servers)
   or new connections (clients). Each TLS module that uses this
   management module should assign itself to one or more domains.

   The module allows the definition of the TLS domains both via
   module parameters (script level) and via an SQL table.

   A script example which details this module's usage can be found
   in Section 1.10, “OpenSIPS with TLS - script example”.

1.3. TLS domains

   The wording 'TLS domain' means that this TLS connection will
   have different parameters than another TLS connection (from
   another TLS domain). Thus, TLS domains are not directly related
   to different SIP domains, although they are often used in
   common. Depending on the direction of the TLS handshake, a TLS
   domain is called 'client domain' (=outgouing TLS connection) or
   'server domain' (= incoming TLS connection).

   If you only run one domain, a default domain is enough. If you
   are running several TLS servers (that is, you have more than
   one listen=tls:ip:port entry in the config file), you can
   specify some parameters for each of them separately (not all
   the above).

   For example, TLS domains can be used in virtual hosting
   scenarios with TLS. OpenSIPS offers SIP service for multiple
   domains, e.g. atlanta.com and biloxi.com. Altough both domains
   will be hosted a single SIP proxy, the SIP proxy needs 2
   certificates: One for atlanta.com and one for biloxi.com. For
   incoming TLS connections, the SIP proxy has to present the
   respective certificate during the TLS handshake. As the SIP
   proxy does not have a received SIP message yet (this is done
   after the TLS handshake), the SIP proxy can not retrieve the
   target domain (which will be usually retrieved from the domain
   in the request URI). Thus, distinction for these domains must
   be done by using multiple sockets. The socket on which the TLS
   connection is received, identifies the respective domain. Thus
   the SIP proxy is able to present the proper certificate.

   For outgoing TLS connections, the SIP proxy usually has to
   provide a client certificate. In this scenario, socket based
   distinction is not preferable as there is no dedicated outgoing
   socket. Thus, the certificate selection (selection of the
   proper TLS client domain) can be name based. If the SIP proxy
   establishes a new outgoing TLS connection, it checks for the
   TLS client domain AVP (parameter tls_client_domain_avp). If
   this AVP is set (e.g. in OpenSIPS.cfg), OpenSIPS searches for a
   TLS client domain with the same name as the AVP value and uses
   the associated certificates.

   TLS client domains can also be matched by socket. If no TLS
   client domain AVP is found, OpenSIPS searches for a TLS client
   domain based on the destination socket of the underlying
   outgoing TCP connection that must match with the defined
   address for a client domain.

   Note: If there is already an existing TLS connection to the
   remote target, it will be reused wether the TLS client domain
   AVP matches or not.

   NOTE: Make sure to also configure OpenSIPS to listen on the
   specified IP:port.

   NOTE: Except tls_handshake_timeout and tls_send_timeout all TLS
   parameters can be set per TLS domain. If a parameter is not
   explicit set, the default value will be used.

   It's usable only if TLS support was compiled.

1.4. Defining TLS domains

   TLS domains can be defined in two ways:
     * by setting the server_domain or client_domain module
       parameters
     * by provisioning in DB

   For the domains defined in the DB, the certificate, private
   key, list of trusted CAs and Diffie-Hellman parameters are
   provisioned as BLOB values whether for script defined domains
   you must provide path to files.

   When a TLS domain can't be chosen for an outgoing or incoming
   TLS connection the default client or server domain is used. A
   default domain is automatically created (with default settings)
   but you can also set the certificate, private key etc. in the
   same way as for other domains (through the module parameters or
   by DB).

   The default domains from the DB (provisioned with the domain
   name default) overwrite the standard default domains even if
   you have set ceratain parameters (certificate, ca_list etc.)
   for the default domain through the script. When defining
   default domains in the DB you can specificy a default client or
   server domain separately or a single specification to be used
   for both scenarios.

   You can define domains both in the DB and script at the same
   time (even default domains).

   For any TLS domain (defined through script or DB, default or
   virtual) if not specified otherwise, the default settings are:
     * method - SSLv23
     * verify_cert - 1
     * require_cert - 1
     * certificate - CFG_DIR/tls/cert.pem
     * private_key - CFG_DIR/tls/ckey.pem
     * crl_check_all - 0
     * crl_dir - none
     * ca_list - none
     * ca_dir - /etc/pki/CA/
     * cipher_list - the OpenSSL default ciphers
     * dh_params - none
     * ec_curve - none

1.5. Dependencies of external libraries

   OpenSIPS TLS v1.0 support requires the following packages:
     * openssl or libssl >= 0.9.6
     * openssl-dev or libssl-dev

   OpenSIPS TLS v1.1/1.2 support requires the following packages:
     * openssl or libssl >= 1.0.1e
     * openssl-dev or libssl-dev

1.6. Exported Functions

1.6.1.  is_peer_verified

   Returns 1 if the message is received via TLS and the peer was
   verified during TLS connection handshake, otherwise it returns
   -1

   This function can be used from REQUEST_ROUTE.

   Example 1.1. is_peer_verified usage
...
if (is_peer_verified()) {
        xlog("L_INFO","request from verified TLS peer\n");
} else {
        xlog("L_INFO","request not verified\n");
}
...

1.7. Exported MI Functions

1.7.1.  tls_list

   List all domains information.

1.7.2.  tls_reload

   Reloads the TLS domains information from the database. The
   previous DB defined domains are discarded but the script
   defined domains are preserved. If no new default client or
   server domains is loaded and previously the default was DB
   defined, the standard default domain is reinstated.

1.8. OpenSIPS Exported parameters

   All these parameters can be used from the opensips.cfg file, to
   configure the behavior of OpenSIPS-TLS.

1.8.1. listen=interface

   Not specific to TLS. Allows to specify the protocol (udp, tcp,
   tls), the IP address and the port where the listening server
   will be.

   Example 1.2. Set listen variable
...
listen = tls:1.2.3.4:5061
...

1.8.2. tls_method ([domain]string)

   Sets the TLS protocol. The domain, if set, represents the name
   of the TLS domain. TLS method which can be:
     * TLSv1_2 - means OpenSIPS will accept only TLSv1.2
       connections (rfc3261 conformant).
     * TLSv1 - means OpenSIPS will accept only TLSv1 connections
       (rfc3261 conformant).
     * SSLv3 - means OpenSIPS will accept only SSLv3 connections
     * SSLv2 - means OpenSIPS will accept only SSLv2 connections
       (almost all old clients support this).
     * SSLv23 - means OpenSIPS will accept any of the above
       methods, but the initial SSL hello must be v2 (in the
       initial hello all the supported protocols are advertised
       enabling switching to a higher and more secure version).
       The initial v2 hello means it will not accept connections
       from SSLv3 or TLSv1 only clients.

   Default value is SSLv23.

Warning

   Best is to use SSLv23, for extended compatibility. Using any of
   the other will restrict the version to just that one version.
   In fact, SSLv2 is disabled in the source code; to use it, you
   need to edit tls/tls_init.c

   If you want RFC3261 conformance and all your clients support
   TLSv1 (or you are planning to use encrypted "tunnels" only
   between different OpenSIPS proxies) use TLSv1. If you want to
   support older clients use SSLv23 (in fact most of the
   applications with SSL support use the SSLv23 method).

   Example 1.3. Set tls_method variable
...
modparam("tls_mgm", "tls_method", "TLSv1")
modparam("tls_mgm", "tls_method", "[dom]TLSv1")
...

1.8.3. certificate ([domain](string)

   Public certificate file for OpenSIPS. It will be used as
   server-side certificate for incoming TLS connections, and as a
   client-side certificate for outgoing TLS connections. The
   domain, if set, represents the name of the TLS domain.

   Default value is "CFG_DIR/tls/cert.pem".

   Example 1.4. Set certificate variable
...
modparam("tls_mgm", "certificate", "/mycerts/certs/opensips_server_cert.
pem")
modparam("tls_mgm", "certificate", "[dom]/mycerts/certs/opensips_server_
cert.pem")
...

1.8.4. private_key ([domain](string)

   Private key of the above certificate. I must be kept in a safe
   place with tight permissions! The domain, if set, represents
   the name of the TLS omain.

   Default value is "CFG_DIR/tls/ckey.pem".

   Example 1.5. Set private_key variable
...
modparam("tls_mgm", "private_key", "/mycerts/private/prik.pem")
modparam("tls_mgm", "private_key", "[dom]/mycerts/private/prik.pem")
...

1.8.5. ca_list ([domain](string)

   List of trusted CAs. The file contains the certificates
   accepted, one after the other. It MUST be a file, not a folder.
   The domain, if set, represents the name of the TLS domain.

   Default value is "".

   Example 1.6. Set ca_list variable
...
modparam("tls_mgm", "ca_list", "/mycerts/certs/ca_list.pem")
modparam("tls_mgm", "ca_list", "[dom]/mycerts/certs/ca_list.pem")
...

1.8.6. ca_dir ([domain](string)

   Directory storing trusted CAs. The path contains the
   certificates accepted, each as hash which is linked to
   certificate file. The domain, if set, represents the name of
   the TLS domain.

   Default value is "/etc/pki/CA/".

   Example 1.7. Set ca_dir variable
...
modparam("tls_mgm", "ca_dir", "/mycerts/certs")
modparam("tls_mgm", "ca_dir", "[dom]/mycerts/certs")
...

1.8.7. ciphers_list ([domain](string)

   You can specify the list of algorithms for authentication and
   encryption that you allow. The domain, if set, represents the
   name of the TLS domain. To obtain a list of ciphers and then
   choose, use the openssl application:
     * openssl ciphers 'ALL:eNULL:!LOW:!EXPORT'

Warning

   Do not use the NULL algorithms (no encryption) ... only for
   testing!!!

   It defaults to the OpenSSL default ciphers.

   Example 1.8. Set ciphers_list variable
...
modparam("tls_mgm", "ciphers_list", "NULL")
modparam("tls_mgm", "ciphers_list", "[dom]NULL")
...

1.8.8. dh_params ([domain](string)

   You can specify a file which contains Diffie-Hellman parameters
   as a PEM-file. This is needed if you would like to specify
   ciphers including Diffie-Hellman mode. The domain, if set,
   represents the name of the TLS domain.

   It defaults to not set a dh param file.

   Example 1.9. Set dh_params variable
...
modparam("tls_mgm", "dh_params", "/etc/pki/CA/dh1024.pem")
modparam("tls_mgm", "dh_params", "[dom]/etc/pki/CA/dh1024.pem")
...

1.8.9. ec_curve ([domain](string)

   You can specify an elliptic curve which should be used for
   ciphers which demand an elliptic curve. The domain, if set,
   represents the name of the TLS domain.

   It's usable only if TLS v1.1/1.2 support was compiled. A list
   of curves which can be used you can get by
                                openssl ecparam -list_curves

   It defaults to not set a elliptic curve.

1.8.10. verify_cert ([domain](string) and require_cert
([domain](string)

   Technically, verify_cert activates SSL_VERIFY_PEER in the
   ssl_context. 'require_cert' does the same with
   SSL_VERIFY_FAIL_IF_NO_PEER_CERT, which is only possible if
   SSL_VERIFY_PEER is also turned on. Since version 2.1, these
   parameters act have been reduced to only one. They act both on
   client side and server side if no domain specified, elseway
   they act on a specific domain, depending on the first
   parameter.

   These two parameters are used for incoming TLS connections,
   where OpenSIPS acts as server.

   It's usable only if TLS support was compiled.

   Default value for both is 1.

   Example 1.10. Set verify_cert & require_cert variable
...
# turn on the strictest and strongest authentication possible
modparam("tls_mgm", "require_cert", "1")
modparam("tls_mgm", "require_cert", "[dom]1")
modparam("tls_mgm", "verify_cert", "0")
modparam("tls_mgm", "verify_cert", "[dom]1")
...

1.8.11. tls_handshake_timeout (integer) and tls_send_timeout
(integer)

   Timeouts ... advanced users only

   Default value for both is 30.

   Example 1.11. Set tls_handshake_timeout & tls_send_timeout
   variable
...
modparam("tls_mgm", "tls_handshake_timeout", 119) # number of seconds
modparam("tls_mgm", "tls_send_timeout", 121) # number of seconds
...

1.8.12. client_domain_avp (integer)

   This sets the AVP used for name based TLS client domain
   matching (please see Section 1.8.29, “server_domain,
   client_domain (string)” for more details). Setting the value to
   0 disables name based TLS client domain matching.

   It's usable only if TLS support was compiled.

   Default value is 0.

   Example 1.12. Set tls_client_domain_avp variable
...
modparam("tls_mgm", "tls_client_domain_avp", "tls_cli_dom")
...

1.8.13. db_url (string)

   The database url. It cannot be NULL.

   Example 1.13. Usage of db_url block
modparam("tls_mgm", "db_url", "mysql://root:admin@localhost/opensips")

1.8.14.  db_table (string)

   Sets the database table name.

   Default value is "tls_mgm".

   Example 1.14. Usage of db_table block
modparam("tls_mgm", "db_table", "tls_mgm")

1.8.15.  domain_col (string)

   Sets the name.for the TLS domain column.

   Default value is "domain".

   Example 1.15. Usage of domain_col block
modparam("tls_mgm", "domain_col", "tls_domain")

1.8.16.  address_col (string)

   Sets the address column name.

   Default value is "address".

   Example 1.16. Usage of address_col block
modparam("tls_mgm", "address_col", "addr")

1.8.17.  tls_method_col (string)

   Sets the method column name.

   Default value is "method".

   Example 1.17. Usage of tls_method_col block
modparam("tls_mgm", "tls_method_col", "method")

1.8.18.  verify_cert_col (string)

   Sets the verrify certificate column name.

   Default value is "verify_cert".

   Example 1.18. Usage of vertify_cert_col block
modparam("tls_mgm", "verify_cert_col", "verify_cert")

1.8.19.  require_cert_col (string)

   Sets the require certificate column name.

   Default value is "require_cert".

   Example 1.19. Usage of require_cert_col block
modparam("tls_mgm", "require_cert_col", "req")

1.8.20.  certificate_col (string)

   Sets the certificate column name.

   Default value is "certificate".

   Example 1.20. Usage of certificate_col block
modparam("tls_mgm", "certificate_col", "certificate")

1.8.21.  private_key_col (string)

   Sets the private key column name.

   Default value is "private_key".

   Example 1.21. Usage of private_key_col block
modparam("tls_mgm", "private_key_col", "pk")

1.8.22.  crl_check_all_col (string)

   Sets the crl_check_all column name.

   Default value is "crl_check_all".

   Example 1.22. Usage of crl_check_all block
modparam("tls_mgm", "crl_check_all_col", "crl_check")

1.8.23.  crl_dir_col (string)

   Sets the crl directory column name.

   Default value is "crl_dir".

   Example 1.23. Usage of crl_dir_col block
modparam("tls_mgm", "crl_dir_col", "crl_dir")

1.8.24.  ca_list_col (string)

   Sets the CA list column name.

   Default value is "ca_list".

   Example 1.24. Usage of ca_list_col block
modparam("tls_mgm", "ca_list_col", "ca_list")

1.8.25.  ca_dir_col (string)

   Sets the CA directory column name.

   Default value is "ca_dir".

   Example 1.25. Usage of ca_dir_col block
modparam("tls_mgm", "ca_dir_col", "ca_dir")

1.8.26.  cipher_list_col (string)

   Sets the cipher list column name.

   Default value is "cipher_list".

   Example 1.26. Usage of cipher_list_col block
modparam("tls_mgm", "cipher_list_col", "cipher_list")

1.8.27.  dh_params_col (string)

   Sets the Diffie-Hellmann parameters column name.

   Default value is "dh_params".

   Example 1.27. Usage of dh_params_col block
modparam("tls_mgm", "dh_params_col", "dh_parms")

1.8.28.  ec_curve_col (string)

   Sets the ec_curve column name.

   Default value is "ec_curve".

   Example 1.28. Usage of ec_curve_col block
modparam("tls_mgm", "ec_curve_col", "ec_curve")

1.8.29. server_domain, client_domain (string)

   You can define virtual TLS domains through these parameters.

   The syntax for defining a domain is "domain=IP:port" where the
   'domain' is the domain name and the address part is optional
   for client domains.

   Example 1.29. Usage of tls_client_domain and tls_server_domain
   block
...
listen=tls:IP_2:port2
listen=tls:IP_3:port3
...
# set the TLS client domain AVP
modparam("proto_tls", "tls_client_domain_avp", "tls_cli_dom")
...

# 'atlanta' server domain
modparam("tls_mgm", "server_domain", "dom1=IP_2:port2")

modparam("tls_mgm", "certificate", "[dom1]/certs/atlanta.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom1]/certs/atlanta.com/privkey.pem
")
modparam("tls_mgm", "ca_list", "[dom1]/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "[dom1]tlsv1")
modparam("tls_mgm", "verify_cert", "[dom1]1")
modparam("tls_mgm", "require_cert", "[dom1]1")

#'biloxy' server domain

modparam("tls_mgm", "server_domain", "dom2=IP_3:port3")

modparam("tls_mgm", "certificate", "[dom2]/certs/biloxy.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom2]/certs/biloxy.com/privkey.pem"
)
modparam("tls_mgm", "ca_list", "[dom2]/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "[dom2]tlsv1")
modparam("tls_mgm", "verify_cert", "[dom2]1")
modparam("tls_mgm", "require_cert", "[dom2]1")

# 'atlanta' client domain
modparam("tls_mgm", "client_domain", "dom3")

modparam("tls_mgm", "certificate", "[dom3]/certs/atlanta.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom3]/certs/atlanta.com/privkey.pem
")
modparam("tls_mgm", "ca_list", "[dom3]/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "[dom3]tlsv1")
modparam("tls_mgm", "verify_cert", "[dom3]1")
modparam("tls_mgm", "require_cert", "[dom3]1")

#'biloxy' client domain
modparam("tls_mgm", "client_domain", "dom4")

modparam("tls_mgm", "certificate", "[dom4]/certs/biloxy.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom4]/certs/biloxy.com/privkey.pem"
)
modparam("tls_mgm", "ca_list", "[dom4]/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "[dom4]tlsv1")
modparam("tls_mgm", "verify_cert", "[dom4]1")
modparam("tls_mgm", "require_cert", "[dom4]1")


# socket based TLS server domains (for TLS based downstream from GW prov
ider)
modparam("tls_mgm", "client_domain", "dom5=IP_5:port5")

modparam("tls_mgm", "certificate", "[dom5]/certs/atlanta.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom5]/certs/atlanta.com/privkey.pem
")
modparam("tls_mgm", "ca_list", "[dom5]/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "[dom5]tlsv1")
modparam("tls_mgm", "verify_cert", "[dom5]0")

# socket based TLS client domains (for TLS based upstream to GW provider
)
# GW IP: 1.2.3.4, GW port: 6677
modparam("tls_mgm", "client_domain", "dom6=1.2.3.4:6677")

modparam("tls_mgm", "certificate", "[dom6]/certs/biloxy.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom6]/certs/biloxy.com/privkey.pem"
)
modparam("tls_mgm", "ca_list", "[dom6]/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "[dom6]tlsv1")
modparam("tls_mgm", "verify_cert", "[dom6]0")

...
route{
...
    # for biloxy or atlanta domains we set the TLS client domain AVP
    if ($rd == "atlanta.com")
        $avp(tls_cli_dom) = "dom3";
    else if ($rd == "biloxy.com")
        $avp(tls_cli_dom) = "dom4";
...
    # calls to other SIP domains
    # set the proper SSL context (certificate) for local hosted domains
    t_relay(); # uses NAPTR and SRV lookups
    exit;
...
    # calls to the PSTN GW
    t_relay("tls:1.2.3.4:6677");
    exit;
...

1.9. Variables

   This module exports the follong variables:

   Some variables are available for both, the peer'S certificate
   and the local certificate. Further, some parameters can be read
   from the “Subject” field or the “Issuer” field.

1.9.1. $tls_version

   $tls_version - the TLS/SSL version which is used on the TLS
   connection from which the message was received. String type.

1.9.2. $tls_description

   $tls_description - the TLS/SSL description of the TLS
   connection from which the message was received. String type.

1.9.3. $tls_cipher_info

   $tls_cipher_info - the TLS/SSL cipher which is used on the TLS
   connection from which the message was received. String type.

1.9.4. $tls_cipher_bits

   $tls_cipher_bits - the number of cipher bits which are used on
   the TLS connection from which the message was received. String
   and Integer type.

1.9.5. $tls_[peer|my]_version

   $tls_[peer|my]_version - the version of the certificate. String
   type.

1.9.6. $tls_[peer|my]_serial

   $tls_[peer|my]_serial - the serial number of the certificate.
   String and Integer type.

1.9.7. $tls_[peer|my]_[subject|issuer]

   $tls_[peer|my]_[subject|issuer] - ASCII dump of the fields in
   the issuer/subject section of the certificate. String type.

   Example 1.30. Example of $tls_[peer|my]_[subject|issuer]
/C=AT/ST=Vienna/L=Vienna/O=enum.at/CN=enum.at

1.9.8. $tls_[peer|my]_[subject|issuer]_cn

   $tls_[peer|my]_[subject|issuer]_cn - commonName in the
   issuer/subject section of the certificate. String type.

1.9.9. $tls_[peer|my]_[subject|issuer]_locality

   $tls_[peer|my]_[subject|issuer]_locality - localityName in the
   issuer/subject section of the certificate. String type.

1.9.10. $tls_[peer|my]_[subject|issuer]_country

   $tls_[peer|my]_[subject|issuer]_country - countryName in the
   issuer/subject section of the certificate. String type.

1.9.11. $tls_[peer|my]_[subject|issuer]_state

   $tls_[peer|my]_[subject|issuer]_state - stateOrProvinceName in
   the issuer/subject section of the certificate. String type.

1.9.12. $tls_[peer|my]_[subject|issuer]_organization

   $tls_[peer|my]_[subject|issuer]_organization - organizationName
   in the issuer/subject section of the certificate. String type.

1.9.13. $tls_[peer|my]_[subject|issuer]_unit

   $tls_[peer|my]_[subject|issuer]_unit - organizationalUnitName
   in the issuer/subject section of the certificate. String type.

1.9.14. $tls_[peer|my]_san_email

   $tls_[peer|my]_san_email - email address in the “subject
   alternative name” extension. String type.

1.9.15. $tls_[peer|my]_san_hostname

   $tls_[peer|my]_san_hostname - hostname (DNS) in the “subject
   alternative name” extension. String type.

1.9.16. $tls_[peer|my]_san_uri

   $tls_[peer|my]_san_uri - URI in the “subject alternative name”
   extension. String type.

1.9.17. $tls_[peer|my]_san_ip

   $tls_[peer|my]_san_ip - ip address in the “subject alternative
   name” extension. String type.

1.9.18. $tls_peer_verified

   $tls_peer_verified - Returns 1 if the peer's certificate was
   successful verified. Otherwise it returns 0. String and Integer
   type.

1.9.19. $tls_peer_revoked

   $tls_peer_revoked - Returns 1 if the peer's certificate was
   revoked. Otherwise it returns 0. String and Integer type.

1.9.20. $tls_peer_expired

   $tls_peer_expired - Returns 1 if the peer's certificate is
   expired. Otherwise it returns 0. String and Integer type.

1.9.21. $tls_peer_selfsigned

   $tls_peer_selfsigned - Returns 1 if the peer's certificate is
   selfsigned. Otherwise it returns 0. String and Integer type.

1.9.22. $tls_peer_notBefore

   $tls_peer_notBefore - Returns the notBefore validity date of
   the peer's certificate. String type.

1.9.23. $tls_peer_notAfter

   $tls_peer_notAfter - Returns the notAfter validity date of the
   peer's certificate. String type.

1.10. OpenSIPS with TLS - script example

   IMPORTANT: The TLS support is based on TCP, and for allowing
   OpenSIPS to use TCP, it must be started in multi-process mode.
   So, there is a must to have the "fork" parameter set to "yes":

   NOTE: Since the TLS engine is quite memory consuming, increase
   the used memory by the run time parameter "-m" (see OpenSIPS -h
   for more details).
     * fork = yes

   Example 1.31. Script with TLS support
  # ----------- global configuration parameters ------------------------
  log_level=3
  log_stderror=no

  check_via=no
  dns=no
  rev_dns=no
  listen=udp:your_serv_IP:5060
  listen=tls:your_serv_IP:5061
  children=4

  # ------------------ module loading ----------------------------------

  loadmodule "proto_tls.so"
  loadmodule "proto_udp.so"

  #TLS specific settings
  loadmodule "tls_mgm.so"

  modparam("tls_mgm", "certificate", "/path/opensipsX_cert.pem")
  modparam("tls_mgm", "private_key", "/path/privkey.pem")
  modparam("tls_mgm", "ca_list", "/path/calist.pem")
  modparam("tls_mgm", "ca_list", "/path/calist.pem")
  modparam("tls_mgm", "require_cert", "1")
  modparam("tls_mgm", "verify_cert", "1")

  alias=_DNS_ALIAS_


  loadmodule "sl.so"
  loadmodule "rr.so"
  loadmodule "maxfwd.so"
  loadmodule "mysql.so"
  loadmodule "usrloc.so"
  loadmodule "registrar.so"
  loadmodule "tm.so"
  loadmodule "auth.so"
  loadmodule "auth_db.so"
  loadmodule "textops.so"
  loadmodule "sipmsgops.so"
  loadmodule "signaling.so"
  loadmodule "uri_db.so"

  # ----------------- setting module-specific parameters ---------------

  # -- auth_db params --
  modparam("auth_db", "db_url", "sql_url")
  modparam("auth_db", "password_column", "password")
  modparam("auth_db", "calculate_ha1", 1)

  # -- registrar params --
  # no multiple registrations
  modparam("registrar", "append_branches", 0)

  # -------------------------  request routing logic -------------------

  # main routing logic

  route{

  # initial sanity checks
  if (!mf_process_maxfwd_header("10")) {
      send_reply("483","Too Many Hops");
      exit;
  };

  # if somene claims to belong to our domain in From,
  # challenge him (skip REGISTERs -- we will chalenge them later)
  if (is_myself("$fd")) {
      setflag(1);
      if ( is_method("INVITE|SUBSCRIBE|MESSAGE")
      && !(is_myself("$si")) ) {
          if  (!(proxy_authorize( "domA.net", "subscriber" ))) {
              proxy_challenge("domA.net","0"/*no-qop*/);
              exit;
          };
          if (!db_check_from()) {
              xlog("FROM hdr Cheating attempt in INVITE\n");
              send_reply("403",
                  "That is ugly -- use From=id next time (OB)");
              exit;
          };
      }; # non-REGISTER from other domain
  } else if ( is_method("INVITE") && !is_myself("$rd") ) {
      send_reply("403", "No relaying");
      exit;
  };

  /* ********   do record-route and loose-route ******* */
  if (!is_method("REGISTER"))
      record_route();

  if (loose_route()) {
      append_hf("P-hint: rr-enforced\r\n");
      t_relay();
      exit;
  };

  /* ******* check for requests targeted out of our domain ******* */
  if ( !is_myself("$rd") ) {
      append_hf("P-hint: OUTBOUND\r\n");
      if ($rd=="domB.net") {
          t_relay("tls:domB.net:5061");
      } else if ($rd=="domC.net") {
          t_relay("tls:domC.net:5061");
      } else {
          t_relay();
      };
      exit;
  };

  /* ******* divert to other domain according to prefixes ******* */
  if (!is_method("REGISTER")) {
      if ( $ru=~"sip:201") {
          strip(3);
          $rd = "domB.net";
          t_relay("tls:domB.net:5061");
          exit;
      } else if ( $ru=~"sip:202" ) {
          strip(3);
          $rd = "domC.net";
          t_relay("tls:domC.net:5061");
          exit;
      };
  };

  /* ************ requests for our domain ********** */
  if (is_method("REGISTER")) {
      if (!www_authorize( "domA.net", "subscriber" )) {
          # challenge if none or invalid credentials
          www_challenge( "domA.net" /* realm */,
              "0" /* no qop -- some phones can't deal with it */);
          exit;
      };
      if (!db_check_to()) {
          xlog("TO hdr Cheating attempt\n");
          send_reply("403", "That is ugly -- use To=id in REGISTERs");
          exit;
      };
      # it is an authenticated request, update Contact database now
      if (!save("location")) {
          sl_reply_error();
      };
      exit;
  };

  # native SIP destinations are handled using USRLOC DB
  if (!lookup("location")) {
      # handle user which was not found
      send_reply("404", "Not Found");
      exit;
  };

  # remove all present Alert-info headers
  remove_hf("Alert-Info");

  if (is_method("INVITE") && ($rP=="TLS" || isflagset(1))) {
      append_hf("Alert-info: 1\r\n");                     # cisco 7960
      append_hf("Alert-info: Bellcore-dr4\r\n");          # cisco ATA
      append_hf("Alert-info: http://foo.bar/x.wav\r\n");  # snom
  };

  # do forwarding
  if (!t_relay()) {
      sl_reply_error();
  };

  #end of script
  }

1.11. Debug TLS connections

   If you want to debug TLS connections, put the following log
   statements into your OpenSIPS.cfg. This will dump all available
   TLS pseudo variables.

   Example 1.32. Example of TLS logging
xlog("L_INFO","================= start TLS pseudo variables ============
===\n");
xlog("L_INFO","$$tls_version                   = '$tls_version'\n");
xlog("L_INFO","$$tls_description               = '$tls_description'\n");
xlog("L_INFO","$$tls_cipher_info               = '$tls_cipher_info'\n");
xlog("L_INFO","$$tls_cipher_bits               = '$tls_cipher_bits'\n");
xlog("L_INFO","$$tls_peer_subject              = '$tls_peer_subject'\n")
;
xlog("L_INFO","$$tls_peer_issuer               = '$tls_peer_issuer'\n");
xlog("L_INFO","$$tls_my_subject                = '$tls_my_subject'\n");
xlog("L_INFO","$$tls_my_issuer                 = '$tls_my_issuer'\n");
xlog("L_INFO","$$tls_peer_version              = '$tls_peer_version'\n")
;
xlog("L_INFO","$$tls_my_version                = '$tls_my_version'\n");
xlog("L_INFO","$$tls_peer_serial               = '$tls_peer_serial'\n");
xlog("L_INFO","$$tls_my_serial                 = '$tls_my_serial'\n");
xlog("L_INFO","$$tls_peer_subject_cn           = '$tls_peer_subject_cn'\
n");
xlog("L_INFO","$$tls_peer_issuer_cn            = '$tls_peer_issuer_cn'\n
");
xlog("L_INFO","$$tls_my_subject_cn             = '$tls_my_subject_cn'\n"
);
xlog("L_INFO","$$tls_my_issuer_cn              = '$tls_my_issuer_cn'\n")
;
xlog("L_INFO","$$tls_peer_subject_locality     = '$tls_peer_subject_loca
lity'\n");
xlog("L_INFO","$$tls_peer_issuer_locality      = '$tls_peer_issuer_local
ity'\n");
xlog("L_INFO","$$tls_my_subject_locality       = '$tls_my_subject_locali
ty'\n");
xlog("L_INFO","$$tls_my_issuer_locality        = '$tls_my_issuer_localit
y'\n");
xlog("L_INFO","$$tls_peer_subject_country      = '$tls_peer_subject_coun
try'\n");
xlog("L_INFO","$$tls_peer_issuer_country       = '$tls_peer_issuer_count
ry'\n");
xlog("L_INFO","$$tls_my_subject_country        = '$tls_my_subject_countr
y'\n");
xlog("L_INFO","$$tls_my_issuer_country         = '$tls_my_issuer_country
'\n");
xlog("L_INFO","$$tls_peer_subject_state        = '$tls_peer_subject_stat
e'\n");
xlog("L_INFO","$$tls_peer_issuer_state         = '$tls_peer_issuer_state
'\n");
xlog("L_INFO","$$tls_my_subject_state          = '$tls_my_subject_state'
\n");
xlog("L_INFO","$$tls_my_issuer_state           = '$tls_my_issuer_state'\
n");
xlog("L_INFO","$$tls_peer_subject_organization = '$tls_peer_subject_orga
nization'\n");
xlog("L_INFO","$$tls_peer_issuer_organization  = '$tls_peer_issuer_organ
ization'\n");
xlog("L_INFO","$$tls_my_subject_organization   = '$tls_my_subject_organi
zation'\n");
xlog("L_INFO","$$tls_my_issuer_organization    = '$tls_my_issuer_organiz
ation'\n");
xlog("L_INFO","$$tls_peer_subject_unit         = '$tls_peer_subject_unit
'\n");
xlog("L_INFO","$$tls_peer_issuer_unit          = '$tls_peer_issuer_unit'
\n");
xlog("L_INFO","$$tls_my_subject_unit           = '$tls_my_subject_unit'\
n");
xlog("L_INFO","$$tls_my_issuer_unit            = '$tls_my_issuer_unit'\n
");
xlog("L_INFO","$$tls_peer_san_email            = '$tls_peer_san_email'\n
");
xlog("L_INFO","$$tls_my_san_email              = '$tls_my_san_email'\n")
;
xlog("L_INFO","$$tls_peer_san_hostname         = '$tls_peer_san_hostname
'\n");
xlog("L_INFO","$$tls_my_san_hostname           = '$tls_my_san_hostname'\
n");
xlog("L_INFO","$$tls_peer_san_uri              = '$tls_peer_san_uri'\n")
;
xlog("L_INFO","$$tls_my_san_uri                = '$tls_my_san_uri'\n");
xlog("L_INFO","$$tls_peer_san_ip               = '$tls_peer_san_ip'\n");
xlog("L_INFO","$$tls_my_san_ip                 = '$tls_my_san_ip'\n");
xlog("L_INFO","$$tls_peer_verified             = '$tls_peer_verified'\n"
);
xlog("L_INFO","$$tls_peer_revoked              = '$tls_peer_revoked'\n")
;
xlog("L_INFO","$$tls_peer_expired              = '$tls_peer_expired'\n")
;
xlog("L_INFO","$$tls_peer_selfsigned           = '$tls_peer_selfsigned'\
n");
xlog("L_INFO","$$tls_peer_notBefore            = '$tls_peer_notBefore'\n
");
xlog("L_INFO","$$tls_peer_notAfter             = '$tls_peer_notAfter'\n"
);
xlog("L_INFO","================= end TLS pseudo variables ==============
=\n");

Chapter 2. Developer Guide

2.1. API Functions

2.1.1. find_server_domain

   struct tls_domain *find_server_domain(struct ip_addr *ip,
   unsigned short port);

   Find a TLS server domain with given ip and port (local
   listening socket).

2.1.2. find_client_domain

   struct tls_domain *find_client_domain(struct ip_addr *ip,
   unsigned short port);

   Find TLS client domain.

2.1.3. get_handshake_timeout

   int get_handshake_timeout(void);

   Returns the handshanke timeout.

2.1.4. get_send_timeout

   int get_send_timeout(void);

   Returns the send timeout.

2.2. TLS_CONFIG

   It contains configuration variables for OpenSIPS's TLS
   (timeouts, file paths, etc).

2.3. TLS_INIT

   Initialization related functions and parameters.

2.3.1. ssl context

   extern SSL_CTX *default_client_ctx;

   The ssl context is a member of the TLS domain strcuture. Thus,
   every TLS domain, default and virtual - servers and clients,
   have its own SSL context.

2.3.2. pre_init_tls

   int init_tls(void);

   Called once to pre_initialize the tls subsystem, from the
   main(). Called before parsing the configuration file.

2.3.3. init_tls

   int init_tls(void);

   Called once to initialize the tls subsystem, from the main().
   Called after parsing the configuration file.

2.3.4. destroy_tls

   void destroy_tls(void);

   Called once, just before cleanup.

2.3.5. tls_init

   int tls_init(struct socket_info *c);

   Called once for each tls socket created, from main.c

2.3.6. os_malloc, os_realloc, os_free

   Wrapper functions around the shm_* functions. OpenSSL uses
   non-shared memory to create its objects, thus it would not work
   in OpenSIPS. By creating these wrappers and configuring OpenSSL
   to use them instead of its default memory functions, we have
   all OpenSSL objects in shared memory, ready to use.

2.4. TLS_DOMAIN

2.4.1. tls_domains

   extern struct tls_domain *tls_default_server_domain;

   The default TLS server domain.

   extern struct tls_domain *tls_default_client_domain;

   The default TLS client domain.

   extern struct tls_domain *tls_server_domains;

   List with defined server domains.

   extern struct tls_domain *tls_client_domains;

   List with defined client domains.

2.4.2. tls_find_server_domain

   struct tls_domain *tls_find_server_domain(struct ip_addr *ip,
   unsigned short port);

   Find a TLS server domain with given ip and port (local
   listening socket).

2.4.3. tls_find_client_domain

   struct tls_domain *tls_find_client_domain(struct ip_addr *ip,
   unsigned short port);

   Find TLS client domain.

2.4.4. tls_find_client_domain_addr

   struct tls_domain *tls_find_client_domain_addr(struct ip_addr
   *ip, unsigned short port);

   Find TLS client domain with given ip and port (socket of the
   remote destination).

2.4.5. tls_find_client_domain_name

   struct tls_domain *tls_find_client_name(str name);

   Find TLS client domain with given name.

2.4.6. tls_new__domain

   struct tls_domain *tls_new_domain(int type);

   Creates new TLS: allocate memory, set the type and initialize
   members

2.4.7. tls_new_server_domain

   int tls_new_server_domain(struct ip_addr *ip, unsigned short
   port);

   Creates and adds to the list of TLS server domains a new
   domain.

2.4.8. tls_new_client_domain

   int tls_new_client_domain(struct ip_addr *ip, unsigned short
   port);

   Creates and adds to the list of TLS client domains a new socket
   based domain.

2.4.9. tls_new_client_domain_name

   int tls_new_client_domain_name(char *s, int len);

   Creates and adds to the list of TLS client domains a new name
   based domain.

2.4.10. tls_free_domains

   void tls_free_domains(void);

   Cleans up the entire domain lists.
조회 수 :
5605
등록일 :
2017.09.14
14:42:27 (*.160.88.18)
엮인글 :
http://webs.co.kr/index.php?document_srl=3311884&act=trackback&key=159
게시글 주소 :
http://webs.co.kr/index.php?document_srl=3311884
List of Articles
번호 제목 글쓴이 날짜 조회 수sort
162 Using SIP Devices behind NAT OPensip Asterisk IPPhone SIP Telephony file admin 2013-03-31 78589
161 OpenSIPS vs Asterisk admin 2013-04-06 75899
160 What is new in 1.8.0 opensip admin 2012-05-21 63047
159 Asterisk v1.4x built on FreeBSD v7.1 UNIX admin 2012-01-06 59940
158 사설 망 환경에서 SIP 의 NAT Traversal 문제 admin 2011-12-23 55777
157 SIP 트래픽 생성 테스트 툴 admin 2011-12-23 54500
156 telepresence: Open Source SIP Telepresence/MCU admin 2014-03-12 49974
155 Installation and configuration process record opensips opensips-cp admin 2014-08-13 47163
154 Flooding Asterisk, Freeswitch and Kamailio with Metasploit admin 2013-04-06 42814
153 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅 admin 2014-08-11 42235
152 My new toy: Bluebox-ng admin 2013-04-06 39553
151 SIP PBX - OpenSIPS and Asterisk configuration admin 2014-03-12 37682
150 Installing RTPproxy Start RTPproxy in Bridged mode very good admin 2014-03-07 37485
149 Installation and configuration process record opensips 1.9.1 admin 2014-08-09 33835
148 MediaProxy Installation Guide admin 2014-03-06 31517
147 Conference Support in Kamailio (OpenSER) admin 2014-03-12 31059
146 Kamailio 3.3.x and Asterisk 10.7.0 Realtime Integration using Asterisk Database admin 2013-04-06 30182
145 Opensips_1.9 install guide this is great I like this admin 2014-03-04 29718
144 Kamailo OpenSIPs installation on Debian admin 2014-03-09 29657
143 OpenH323 Gatekeeper - The GNU Gatekeeper admin 2011-12-14 29592
142 Asterisk Installation Asterisk Realtime configuration admin 2013-04-06 27959
141 2013 2012년 분야별 최고의 오픈소스 소프트웨어 124선 admin 2014-04-05 27104
140 The SIP Router Project admin 2013-04-06 26761
139 rfc5766-turn-server admin 2013-03-21 25803
138 OfficeSIP Server is freeware VoIP, SIP server for Windows admin 2013-09-11 25068
137 Video conference server OpenMCU-ru - Introduction admin 2014-04-01 25021
136 Welcome to the Smartvox Knowledgebase admin 2013-04-06 24740
135 A2Billing and OpenSIPS admin 2014-03-04 24644
134 The FreeRADIUS Project admin 2011-12-14 24536
133 Kamailio :: A Quick Introduction admin 2013-04-06 24469
132 OpenSER_from_an_asterisk_POV file admin 2013-04-06 24417
131 Jitsi Videobridge meets WebRTC admin 2014-10-18 24003
130 Building Telephony Systems with OpenSIPS 1.6 books file admin 2014-03-06 23779
129 Open Source VOIP applications, both clients and servers. admin 2013-11-20 23777
128 Using the openSIPS Registrant Module admin 2014-03-09 23670
127 Opensips install debian admin 2014-03-03 23451
126 How to install OpenSIPS on CentOS debian module add xcap admin 2014-03-06 23287
125 OpenSIPS Kick Start‎: VIDEO admin 2013-02-20 23272
124 Ekiga (formely known as GnomeMeeting) is an open source SoftPhone admin 2014-03-12 23146
123 opensips-1.10.0_src.tar.gz experimental source code documentation admin 2014-03-09 23087
122 opensips 1.11.2 install Good Giide admin 2014-08-09 23041
121 the OpenSIPS Project OpenSIP admin 2011-12-14 23035
120 OPENSIP Training VIDEO admin 2013-02-20 22854
119 How to install OpenSIPS on CentOS Debian etc admin 2014-03-05 22844
118 UAC Registrant Module admin 2014-09-28 22776
117 Problem with presence_xml module Opensips 1.9 admin 2014-03-06 22771
116 RTPProxy 1.2.x Installation & Integration with OpenSIPS 1.5x admin 2014-08-10 22766
115 OpenSIPS Control Panel install guide admin 2014-03-06 22742
114 SIPSorcery admin 2014-03-18 22673
113 The Impact of TLS on SIP Server Performance file admin 2014-03-12 22657
112 Building Telephony Systems with OpenSIPS 1.6 RTPProxy + OpenSIPS 1.7 admin 2014-03-07 22608
111 opensips.cfg for Asterisk admin 2014-10-20 22599
110 Opensips Modules Documentation admin 2014-08-18 22547
109 OPENSIPS EBOOK admin 2014-08-21 22529
108 [Sipdroid] SIP data collection study tour admin 2014-08-23 22455
107 [OpenSIPS-Users] Opensips 1.10 NAT radius aaa admin 2014-08-23 22445
106 Real-time Charging System for Telecom & ISP environments admin 2014-08-23 22431
105 OpenSIPS/OpenSER-a versatile SIP Server cfg admin 2014-08-11 22428
104 OpenSIPS Consultancy Pricing module install Server 판매 또는 설치및 컨설팅 가이드 admin 2014-08-23 22342
103 rtpproxy Module admin 2014-03-06 22335
102 Configuracion de Kamailio 3.3 con NAT Traversal y XCAP. admin 2014-08-12 22302
101 RTPPROXY Admin Guide admin 2014-08-24 22269
100 100% CPU usage opensips admin 2014-03-05 22264
99 SigIMS IMS Platform admin 2014-05-24 22237
98 Opensips Documentation Function admin 2014-08-21 22190
97 CANCEL MESSAGE not handled correctly admin 2014-08-23 22104
96 opensips 1.11.2 install guide good 인스톨 가이드 admin 2014-08-09 22095
95 Multimedia Service Platform admin 2014-03-06 22072
94 Where to check OpenSIPS does not start? admin 2014-03-09 22049
93 MediaProxy wiki page install configuration admin 2014-08-11 22008
92 ICE: The ultimate way of beating NAT in SIP admin 2014-08-23 21966
91 MediaProxy 2.3.x & OpenSIPS 1.5.x Integration admin 2014-08-24 21963
90 Kamailio Nat Traversal using RTPProxy admin 2014-08-11 21956
89 A2Billing and OpenSIPS config admin 2014-10-20 21884
88 Presence Tutorial OpenXCAP setup admin 2014-08-18 21870
87 book-opensips-101 / content / 3.2. SIP TLS Secure Calling.mediawiki admin 2014-03-12 21839
86 kamailio.cfg configuration Example admin 2014-10-04 21749
85 OpenSIPS , default script , Types of Routs , Routing in SIP, Video lecture admin 2014-08-13 21747
84 fusionPBX install debian wheezy admin 2014-08-09 21708
83 Script Function , Module Index v1.11 함수 모듈 opensips admin 2014-10-14 21697
82 A lightweight RPC library based on XML and HTTP admin 2014-08-18 21671
81 Many OPENSIPS Configuration Examples This will Help you admin 2014-08-23 21643
80 Under RHEL6.5 install OpenSIPS 1.11.1 tls admin 2014-08-12 21567
79 RTPproxy Frequentry Asked Questions (FAQ) ¶ admin 2014-03-07 21538
78 A Survey of Open Source Products for Building a SIP Communication Platform admin 2014-10-18 21502
77 MediaProxy Installation Guide admin 2014-08-10 21494
76 OpenSIPS configuration for 2 or more FreeSWITCH installs admin 2014-03-12 21425
75 OpenSIPS Control Panel (OCP) Installation Guide admin 2014-03-06 21332
74 OpenSIPS Control Panel (OCP) Installation Guide Good admin 2014-08-13 21067
73 opensips NAT Traversal Module admin 2014-10-02 20958
72 opensips Nat script with RTPPROXY - English Good perfect admin 2014-08-15 20563
71 SIP Signaling-Messages OpenSIPS Running On Multicore Server file admin 2014-11-02 20347
70 Opensips Installation, How to. Good guide wiki page admin 2014-08-10 19825
69 Opensips Installation, How to. admin 2014-03-05 19587
68 OpenSIPS as Homer Capture server admin 2014-08-13 19558
67 Opensips TM module enables stateful processing of SIP transactions admin 2014-10-04 19423
66 OpenSIPS Installation Notes admin 2014-08-09 19338
65 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅(리눅스 기준) admin 2017-09-09 15290
64 Service Provision Using Asterisk & OpenSIPS - AstriCon 2014 admin 2015-02-25 12949
63 WebSocket Support in OpenSIPS 2.1 admin 2015-04-04 12779
62 WebRTC with OpenSIPS WebSocket is a protocol provides full-duplex admin 2015-04-04 11027
61 OpenSIPS 2.1 (rc) is available, download now! admin 2015-03-22 10965
60 OpenSIPS Control Panel and Homer integration admin 2017-08-17 6576
59 The timeline for OpenSIPS 2.3 is admin 2017-08-17 6417
58 What is new in 2.3.0 opensips admin 2017-09-04 6324
57 OpenSIPS 2.3 philosophy admin 2017-08-17 6303
56 PUSH SERVER 푸시서버 안드로이드 애플 admin 2017-09-11 6172
55 How to setup a Jabber / XMPP server on Debian 8 (jessie) using ejabberd admin 2017-09-13 6084
54 OpenSIPS 2.3 install admin 2017-09-01 6066
53 Opensips sip capture re designed admin 2017-07-16 5997
52 How to install Mediaproxy 2.5.2 on CentOS 6 64 bit admin 2017-09-04 5971
51 You can install CDRTool in the following ways: admin 2017-09-01 5951
50 WebSocket Transport using OpenSIPS admin 2017-09-01 5940
49 How to Install OpenSIPS 2.1.2 Server on Ubuntu 15.04 admin 2017-09-01 5880
48 JsSIP: The JavaScript SIP Library admin 2017-09-01 5872
47 ubuntu 安装配置opensips,rtpproxy,mediaproxy admin 2017-09-04 5830
46 A2Billing and OpenSIPS – Part 3 admin 2017-08-29 5828
45 openssl 을 이용한 인증서 생성 절차를 정리한다. 개인키 CSR SSL 인증서 파일 생성 admin 2017-09-14 5771
44 Using TLS in OpenSIPS v2.2.x configuration admin 2017-09-04 5724
43 Installing RTPEngine on Ubuntu 14.04 admin 2017-09-05 5716
42 A2Billing and OpenSIPS – Part 1 admin 2017-08-29 5711
41 rtpengine config basic and opensips configuration and command admin 2017-09-06 5711
40 rtpengine install and config admin 2017-09-05 5686
39 Opensips 2.32 download admin 2017-09-01 5677
38 How to 2.3 download , OpenSIPS new apt repository. DEBs for Debian / Ubuntu admin 2017-09-02 5674
37 OpenSIPS basic configuration script 기본 컨피그 admin 2017-09-05 5649
36 Fail2Ban Freeswitch How to secure admin 2017-09-12 5648
35 opensips command /sbin/opensipsctl detail admin 2017-09-04 5638
34 A2Billing and OpenSIPS – Part 2 admin 2017-08-29 5630
» opensips tls cfg admin 2017-09-14 5605
32 compile only the textops module make modules=modules/textops modules admin 2017-09-05 5582
31 2017 08 31 opensips 2.32 install debian8.8 module install compile err modules admin 2017-09-04 5578
30 Advanced SIP scenarios with Event-based-Routing admin 2017-09-11 5567
29 WebSocket Transport using OpenSIPS configuration 웹 소켓 컨피그레이션 기본 admin 2017-09-06 5547
28 Documentation -> Tutorials -> TLS opensips.cfg admin 2017-09-14 5525
27 Using TLS in OpenSIPS v2.2.x admin 2017-09-14 5517
26 Build-Depends debian 8.8 opensips 2.3 admin 2017-09-04 5470
25 SIP to XMPP Gateway + SIP Presence Server opensips admin 2017-09-13 5462
24 OpenSIPS command line tricks admin 2017-09-13 5424
23 opensips.cfg. sample admin 2017-09-12 5399
22 opensips exec module admin 2017-12-08 4698
21 opensips configuration config explain easy basic 오픈쉽스 컨피그레이션 기본 설명 file admin 2017-12-07 4676
20 what is loose_route() in opensips ? file admin 2017-12-09 4635
19 OpenSIPS Module Interface admin 2017-12-07 4570
18 dictionary.opensips radius admin 2017-12-09 4545
17 in opensips what is has_totag() admin 2017-12-09 4511
16 in opensips what is lookup(domain [, flags [, aor]]) admin 2017-12-09 4480
15 what is record_route() in opensips ? admin 2017-12-09 4480
14 opensips push notification How to admin 2017-12-07 4476
13 in opensips db_does_uri_exist() what is admin 2017-12-09 4345