[asterisk-bugs] [JIRA] (ASTERISK-27324) [patch] Dual-Stack server cannot be used as IPv4 client via TCP/TLS

Friendly Automation (JIRA) noreply at issues.asterisk.org
Tue Oct 10 08:08:20 CDT 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-27324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=239210#comment-239210 ] 

Friendly Automation commented on ASTERISK-27324:
------------------------------------------------

Change 6682 merged by Jenkins2:
tcptls: Do not re-bind to wildcard on client creation.

[https://gerrit.asterisk.org/6682|https://gerrit.asterisk.org/6682]

> [patch] Dual-Stack server cannot be used as IPv4 client via TCP/TLS
> -------------------------------------------------------------------
>
>                 Key: ASTERISK-27324
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27324
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/TCP-TLS
>    Affects Versions: 13.7.2, 14.6.2, 15.0.0
>            Reporter: Alexander Traud
>            Assignee: Alexander Traud
>         Attachments: tcp_ip_dual_stack_server_ipv4_client.patch
>
>
> Asterisk can be used as SIP server and client at the same time. Furthermore, Asterisk can be ran as IPv4-only, IPv6-only, or dual stack server. On default, Asterisk is an IPv4-only server and the {{bindaddr}} is null. Because I added {{bindaddr=::}} to the configuration file {{sip.conf}}, my Asterisk listens on the IPv4 and IPv6 wildcards. In that case, the {{bindaddr}} is not null but unspecified ({{INADDR_ANY}}). Similar for UDP, TCP, and TLS: On default, Asterisk is using just UDP. Therefore, I added {{tlsenable=yes}} to my {{sip.conf}}.
> Since 13.16, my Asterisk is unable to connect to other IPv4-only SIP services via TLS, with the error message:
> bq. ast_tcptls_client_create: Unable to bind SIP socket to \[::\]:0: Address family not supported by protocol
> For example here in Germany, I use the VoIP/SIP provider dus.net via _secure.dus.net_ to call (traditional) phone numbers. However, IPv6 services like _securev6.dus.net_ and services based on UDP like _proxy.dus.net_ are of no issue.
> Consequently, this issue affects only those chan_sip which were
> * enabled for dual-stack {{bindaddr=::}}, and
> * enabled for TCP {{tcpenable=yes}} and/or TLS {{tlsenable=yes}}, and
> * tried to register and/or invite a IPv4-only service,
> * via TCP or TLS.
> The resolution of ASTERISK-26922 revealed this bug, which was present since day one of the IPv6 support in Asterisk seven years ago. Attached is a patch to check not only for ‘is null’ but also whether the current bind address ‘is any’.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list