handle_tcptls_connection: FILE * open failed

Get help with installing, upgrading and running Asterisk.

Moderators: muppetmaster, Moderator, Support

handle_tcptls_connection: FILE * open failed

Postby nettrust » Thu Feb 16, 2012 5:47 am

I am using Asterisk 1.8.9.2 with Yealink T28P VoIP phones (latest v61 firmware)

I followed the instructions here:
https://wiki.asterisk.org/wiki/display/ ... g+Tutorial
to enable TLS.

My sip.conf looks like this:
[general]
......
tlsenable = yes
tlscertfile = /etc/asterisk/certs/asterisk.pem
tlscadir = /etc/asterisk/certs/ca
tlscipher = ALL
tlsclientmethod = tlsv1

I have run "c_rehash" on the CA certs directory.

When the Yealink phones are set to TLS mode I get:
"handle_tcptls_connection: FILE * open failed" on the Asterisk CLI every minute or so.

I do not get this error when only using TLS to my upline provider.

I have spent a lot of time trying to work this out with Google and have had no success so far.
nettrust
Newsterisk
 
Posts: 11
Joined: Wed Feb 15, 2012 11:19 pm

Re: handle_tcptls_connection: FILE * open failed

Postby irakla7777777 » Thu Feb 16, 2012 3:13 pm

try this:
[url]
http://ofps.oreilly.com/titles/97805965 ... eConn.html
[/url]

section is : Encrypting SIP calls
irakla7777777
Newsterisk
 
Posts: 12
Joined: Thu Feb 16, 2012 2:28 pm

Re: handle_tcptls_connection: FILE * open failed

Postby nettrust » Thu Feb 16, 2012 4:57 pm

irakla7777777 wrote:try this:
[url]
http://ofps.oreilly.com/titles/97805965 ... eConn.html
[/url]

section is : Encrypting SIP calls


I have already done that procedure.

There is also another problem which I am going to have to resolve before continuing with the above, and that is, when TLS is switched On, outgoing calls can be made, but incoming calls can not. The phone's status becomes "Unreachable" in "sip show peers".

On the CLI I am getting the following message:
[Feb 17 11:47:13] ERROR[18793]: tcptls.c:397 ast_tcptls_client_start: Unable to connect SIP socket to 192.168.0.1:5063: Connection refused

How port 5063 relates to this I do not know. Port 5061 is the default for TLS:

"sip show settings"
Global Settings:
----------------
UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: 0.0.0.0:5061

The peer is as follows:
[DELETED]
type = friend
context = DELETED
host = dynamic
transport = tls
encryption = yes
username = DELETED
secret = DELETED
insecure = port,invite
nat = no
dtmfmode = rfc2833
canreinvite = no
disallow = all
allow = g722
qualify = yes
language=en_NZ

The phone is directly connected across the network to the Asterisk box.
nettrust
Newsterisk
 
Posts: 11
Joined: Wed Feb 15, 2012 11:19 pm

Re: handle_tcptls_connection: FILE * open failed

Postby david55 » Thu Feb 16, 2012 5:09 pm

Your insecure parameter contains values that are no longer supported and when supported were more insecure than strictly necessary. canreinvite is deprecated.


I assume that port 5063 is the one from which the REGISTER was issued. I though you said that outgoing calls worked, as this error is for an outgoing call.

I'm also not sure that you need the insecurity of type=friend, here.
david55
Moves Like Spencer
 
Posts: 10699
Joined: Fri Sep 26, 2008 5:03 am

Re: handle_tcptls_connection: FILE * open failed

Postby nettrust » Thu Feb 16, 2012 6:05 pm

david55 wrote:Your insecure parameter contains values that are no longer supported and when supported were more insecure than strictly necessary. canreinvite is deprecated.


I assume that port 5063 is the one from which the REGISTER was issued. I though you said that outgoing calls worked, as this error is for an outgoing call.

I'm also not sure that you need the insecurity of type=friend, here.


I have now changed caneinvite=no to directmedia=no.

I am not sure how to deal with the other issue. By my reading type=friend is the only way to deal with VoIP phones on IP addresses that might change.
nettrust
Newsterisk
 
Posts: 11
Joined: Wed Feb 15, 2012 11:19 pm


Return to Asterisk Support

Who is online

Users browsing this forum: No registered users and 28 guests