<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Thanks for the detailed explanation Michael.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I stop the current asterisk process (started by systemd), and restart it as asterisk:</div><div class="gmail_default"><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">[asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace"><br></font></span></p></div><div class="gmail_default" style="font-size:small">from the log there was no attempt to even open the cert file. I edited /etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the transport-tls section. Rerun the strace command, and here the part re cert files:</div><div class="gmail_default"><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">212, ...}) = 0</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 geteuid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 getegid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 getuid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 getgid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=8</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">91, ...}) = 0</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 geteuid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 getegid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 getuid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 getgid() = 1002</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">Protocol not available)</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">8189 setsockopt(16, SOL_TCP, TCP_NODELAY, [1], 4) = 0</font></span></p><div><span style="font-variant-ligatures:no-common-ligatures"><br></span></div></div><div class="gmail_default" style="font-size:small">The tls transport is not established in the end. Only the two hard phones using udp transport and a softphone using tcp transport are registered.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Thanks,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">--Ruisheng</div><div class="gmail_default" style="font-size:small"><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 28, 2021 at 7:42 PM Michael Maier <<a href="mailto:m1278468@mailbox.org">m1278468@mailbox.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><br>
On 27.01.21 at 22:57 Ruisheng Peng wrote:<br>
> Thanks Michael for the suggestion! I've installed strace and assigned one<br>
> of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as<br>
> user asterisk):<br>
> <br>
> [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so"<br>
<br>
You should use strace like this as root and from the very beginning of the start <br>
of asterisk:<br>
<br>
strace -f -o /tmp/strace.log asterisk -vvv -mqf -C /etc/asterisk/asterisk.conf<br>
<br>
-f means, to follow even forked processes, ... (see man page)<br>
-o writes all the output to a file. You can search afterwards pretty easily for <br>
the file (or the open call).<br>
<br>
You shouldn't do this in production but in the test environment!<br>
<br>
You have to run it as long as the error has happened.<br>
<br>
<br>
Thanks<br>
Michael<br>
<br>
-- <br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" rel="noreferrer" target="_blank">http://www.api-digital.com</a> --<br>
<br>
Check out the new Asterisk community forum at: <a href="https://community.asterisk.org/" rel="noreferrer" target="_blank">https://community.asterisk.org/</a><br>
<br>
New to Asterisk? Start here:<br>
<a href="https://wiki.asterisk.org/wiki/display/AST/Getting+Started" rel="noreferrer" target="_blank">https://wiki.asterisk.org/wiki/display/AST/Getting+Started</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" rel="noreferrer" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
<br>
</blockquote></div>