Hi Jan,
The problem occured when i call an openmcu number on the same server than gnugk. I stopped openmcu and i did other tests.
----------- test No 1: Only TLS Enabled
[TLS]
EnableTLS=1
PrivateKey=/etc/asterisk/keys/pbx.xxx.com.pem
Certificates=/etc/asterisk/keys/pbx.xxx.com.pem
CAFile=/etc/asterisk/keys/sub.class1.server.ca.pem
RequireRemoteCertificate=0
EnableTLS=1
PrivateKey=/etc/asterisk/keys/pbx.xxx.com.pem
Certificates=/etc/asterisk/keys/pbx.xxx.com.pem
CAFile=/etc/asterisk/keys/sub.class1.server.ca.pem
RequireRemoteCertificate=0
[EP::test1]
UseTLS=1
UseTLS=1
- external user test1 can't call internal user test2 : i have this error in the log (file gnugnk_TLS_Only.log)
ProxyChannel.cxx(12947) TLS TLS protocol error in SSL_connect(): 1 / error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
- internal user test2 can call external user test1 : it's ok
------------ test No 2: TLS + Media Encryption Enabled
[RoutedMode]
GKRouted=1
H245Routed=0
CallSignalPort=1721
AcceptUnregisteredCalls=1
H245Routed=0
CallSignalPort=1721
AcceptUnregisteredCalls=1
H245TunnelingTranslation=1
SupportNATedEndpoints=1
H245PortRange=31000-31999
Q931PortRange=30000-30999
DropCallsByReleaseComplete=1
SupportNATedEndpoints=1
H245PortRange=31000-31999
Q931PortRange=30000-30999
DropCallsByReleaseComplete=1
EnableH46018=1
SendReleaseCompleteOnDRQ=1
EnableH235HalfCallMedia=1
H235HalfCallMediaStrength=256
RequireH235HalfCallMedia=1
RemoveH235Call=192.168.1.0/24
EnableH235HalfCallMediaKeyUpdates=1
H235HalfCallMediaStrength=256
RequireH235HalfCallMedia=1
RemoveH235Call=192.168.1.0/24
EnableH235HalfCallMediaKeyUpdates=1
[TLS]
EnableTLS=1
PrivateKey=/etc/asterisk/keys/pbx.xxx.com.pem
Certificates=/etc/asterisk/keys/pbx.xxx.com.pem
CAFile=/etc/asterisk/keys/sub.class1.server.ca.pem
RequireRemoteCertificate=0
EnableTLS=1
PrivateKey=/etc/asterisk/keys/pbx.xxx.com.pem
Certificates=/etc/asterisk/keys/pbx.xxx.com.pem
CAFile=/etc/asterisk/keys/sub.class1.server.ca.pem
RequireRemoteCertificate=0
[EP::test1]
UseTLS=1
- external user test1 can't call internal user test2 : i have this error in the log (file gnugnk_TLS_MediaEncrypt.log)
ProxyChannel.cxx(12947)
TLS TLS protocol error in SSL_connect(): 1 / error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
- internal user test2 can call external user test1 but without audio and video : i have this error in the log (file gnugnk_TLS_MediaEncrypt.log)
h235crypto.cxx(314) H235 Decrypt error: wrong final block length
h235crypto.cxx(540) H235 EVP_DecryptFinal_ex() failed - incorrect padding ?
Thank for any help.
Jean
Le Lundi 10 août 2015 12h01, Jan Willamowius <jan@xxxxxxxxxxxxxx> a écrit :
Hi Jean.
the best way to debug this would be for you to create a stack trace of
the crash. See
http://www.gnugk.org/gnugk-manual-14.html#ss14.3
The trace you posted doesn't contain enough information to see what
went wrong. We need at least a level 5 trace to see what was inside the
message that cause the crash.
Regards,
Jan
--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : jan@xxxxxxxxxxxxxx
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html
Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
Jean Lÿffffe9olein BEBEY wrote:
> Hil all,
> I have successfully compiled GNU 3.9 with theses options:
> ----- ptlib :- ./configure --enable-openldap --enable-openssl
> - make optnoshared
> ----- h323plus./configure --enable-h235 --enable-h235-256 --enable-h46025 --enable-h46026
> - make optnoshared
> ------ gnugk./configure --enable-h46018
> - make optnoshared
>
> -------- gatekeeper.iniI added the media encryption in [RoutedMode] :
> EnableH235HalfCallMedia=1
> H235HalfCallMediaStrength=256
> RequireH235HalfCallMedia=0
> RemoveH235Call=192.168.1.0/24
>
> and start gnugk :
> Gatekeeper(GNU) Version(3.9.0) Ext(pthreads=1,radius=1,mysql=1,pgsql=1,firebird=0,odbc=0,sqlite=0,large_fdset=0,crypto/ssl=1,h46018=1,h46023=1,ldap=1,ssh=1,ipv6=0,h235media=1,lua=1,h46017=1,snmp=1,h46026=0) H323Plus(1.26.5) PTLib(2.10.9) Build(Aug 1 2015, 11:49:37) Sys(Linux x86_64 2.6.32-431.el6.x86_64)
> When i make a call, i have this error :
> 2015/08/01 13:53:30.732 2 RasSrv.cxx(177) RAS Read from 41.202.219.74:33554
> 2015/08/01 13:53:30.732 2 RasSrv.cxx(283) RAS Received ARQ from 41.202.219.74:33554
> 2015/08/01 13:53:30.733 1 RasSrv.cxx(412) RAS ARQ Received from 41.202.219.74:33554
> 2015/08/01 13:53:30.733 2 RasTbl.cxx(1518) RASTBL Gateway 2475510801_endp matched by prefix 4, priority: 1
> 2015/08/01 13:53:30.734 2 RasTbl.cxx(4727) CallTable::Insert(CALL) Call No. 1, total sessions : 1
> 2015/08/01 13:53:30.734 2 RasSrv.cxx(451) ACF|41.202.219.74:33554|59434296_endp|5302|402:dialedDigits|jlbebey:h323_ID=3008:dialedDigits|false|1c-74-df-76-03-00-00-1f-03-da-0b-e8-01-a6-e7-95|ToBeDecided;
> 2015/08/01 13:53:30.734 2 RasSrv.cxx(295) RAS Send ACF to 41.202.219.74:33554
> 2015/08/01 13:53:33.022 1 ProxyChannel.cxx(3646) Removing External IP from destCallSignalAddr in Setup
> 2015/08/01 13:53:33.022 2 gkacct.cxx(961) GKACCT Successfully logged event 1 for call no. 1
> 2015/08/01 13:53:33.038 1 ProxyChannel.cxx(1583) Call 1: h245Routed=1 proxy=1
> 2015/08/01 13:53:33.058 2 gkacct.cxx(961) GKACCT Successfully logged event 32 for call no. 1
> 2015/08/01 13:53:34.000 2 RasSrv.cxx(177) RAS Read from 41.202.219.74:33554
> 2015/08/01 13:53:34.000 2 RasSrv.cxx(283) RAS Received RRQ from 41.202.219.74:33554
> 2015/08/01 13:53:34.001 1 RasSrv.cxx(412) RAS RRQ Received from 41.202.219.74:33554
> 2015/08/01 13:53:34.002 2 RasSrv.cxx(295) RAS Send RCF to 41.202.219.74:33554
> 2015/08/01 13:53:34.184 0 assert.cxx(112) PWLib Assertion fail: Invalid array element, file /usr/local/ptlib-2.10.9//include/ptlib/array.h, line 1063, Error=22
>
> Any help ?
>
> Jean
>
the best way to debug this would be for you to create a stack trace of
the crash. See
http://www.gnugk.org/gnugk-manual-14.html#ss14.3
The trace you posted doesn't contain enough information to see what
went wrong. We need at least a level 5 trace to see what was inside the
message that cause the crash.
Regards,
Jan
--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : jan@xxxxxxxxxxxxxx
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html
Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
Jean Lÿffffe9olein BEBEY wrote:
> Hil all,
> I have successfully compiled GNU 3.9 with theses options:
> ----- ptlib :- ./configure --enable-openldap --enable-openssl
> - make optnoshared
> ----- h323plus./configure --enable-h235 --enable-h235-256 --enable-h46025 --enable-h46026
> - make optnoshared
> ------ gnugk./configure --enable-h46018
> - make optnoshared
>
> -------- gatekeeper.iniI added the media encryption in [RoutedMode] :
> EnableH235HalfCallMedia=1
> H235HalfCallMediaStrength=256
> RequireH235HalfCallMedia=0
> RemoveH235Call=192.168.1.0/24
>
> and start gnugk :
> Gatekeeper(GNU) Version(3.9.0) Ext(pthreads=1,radius=1,mysql=1,pgsql=1,firebird=0,odbc=0,sqlite=0,large_fdset=0,crypto/ssl=1,h46018=1,h46023=1,ldap=1,ssh=1,ipv6=0,h235media=1,lua=1,h46017=1,snmp=1,h46026=0) H323Plus(1.26.5) PTLib(2.10.9) Build(Aug 1 2015, 11:49:37) Sys(Linux x86_64 2.6.32-431.el6.x86_64)
> When i make a call, i have this error :
> 2015/08/01 13:53:30.732 2 RasSrv.cxx(177) RAS Read from 41.202.219.74:33554
> 2015/08/01 13:53:30.732 2 RasSrv.cxx(283) RAS Received ARQ from 41.202.219.74:33554
> 2015/08/01 13:53:30.733 1 RasSrv.cxx(412) RAS ARQ Received from 41.202.219.74:33554
> 2015/08/01 13:53:30.733 2 RasTbl.cxx(1518) RASTBL Gateway 2475510801_endp matched by prefix 4, priority: 1
> 2015/08/01 13:53:30.734 2 RasTbl.cxx(4727) CallTable::Insert(CALL) Call No. 1, total sessions : 1
> 2015/08/01 13:53:30.734 2 RasSrv.cxx(451) ACF|41.202.219.74:33554|59434296_endp|5302|402:dialedDigits|jlbebey:h323_ID=3008:dialedDigits|false|1c-74-df-76-03-00-00-1f-03-da-0b-e8-01-a6-e7-95|ToBeDecided;
> 2015/08/01 13:53:30.734 2 RasSrv.cxx(295) RAS Send ACF to 41.202.219.74:33554
> 2015/08/01 13:53:33.022 1 ProxyChannel.cxx(3646) Removing External IP from destCallSignalAddr in Setup
> 2015/08/01 13:53:33.022 2 gkacct.cxx(961) GKACCT Successfully logged event 1 for call no. 1
> 2015/08/01 13:53:33.038 1 ProxyChannel.cxx(1583) Call 1: h245Routed=1 proxy=1
> 2015/08/01 13:53:33.058 2 gkacct.cxx(961) GKACCT Successfully logged event 32 for call no. 1
> 2015/08/01 13:53:34.000 2 RasSrv.cxx(177) RAS Read from 41.202.219.74:33554
> 2015/08/01 13:53:34.000 2 RasSrv.cxx(283) RAS Received RRQ from 41.202.219.74:33554
> 2015/08/01 13:53:34.001 1 RasSrv.cxx(412) RAS RRQ Received from 41.202.219.74:33554
> 2015/08/01 13:53:34.002 2 RasSrv.cxx(295) RAS Send RCF to 41.202.219.74:33554
> 2015/08/01 13:53:34.184 0 assert.cxx(112) PWLib Assertion fail: Invalid array element, file /usr/local/ptlib-2.10.9//include/ptlib/array.h, line 1063, Error=22
>
> Any help ?
>
> Jean
>
Attachment:
gnugk_TLS_MediaEncrypt.log
Description: Binary data
Attachment:
gnugk_TLS_Only.log
Description: Binary data
------------------------------------------------------------------------------
_______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
