Summary: | ASTERISK-19201: TLS Manager Bind Port - random port - not configurable | ||
Reporter: | Chris Mylonas (chris.mylonas) | Labels: | |
Date Opened: | 2012-01-15 03:15:59.000-0600 | Date Closed: | 2012-02-02 11:05:01.000-0600 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | CEL/cel_manager |
Versions: | 1.8.8.1 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | CentOS 5, asterisk-1.8.8.1 built from source | Attachments: | |
Description: | Hi - I'm running asterisk-1.8.8.1 and have TLS manager support working on port 5039 but the manager.conf settings for changing port don't appear to be read. manager.conf [code] [general] enabled = yes webenabled=no port = 5038 bindaddr = 127.0.0.1 displayconnects=yes ;only effects 1.6+ tlsenable=yes tlsbindport=5777 tlsbindaddr=0.0.0.0 tlscert=/var/lib/asterisk/keys/astcert.pem and the resulting netstat output [root@asterisk asterisk]# netstat -ptan | grep asterisk tcp 0 0 127.0.0.1:5038 0.0.0.0:* LISTEN 22809/asterisk tcp 0 0 127.0.0.1:5039 0.0.0.0:* LISTEN 22809/asterisk tcp 0 0 xxx.xxx.xxx.xxx:58528 72.14.203.125:5222 ESTABLISHED 22809/asterisk And when I disable unencrypted manager but leave tls manager this happens [general] enabled = no webenabled=no port = 5038 bindaddr = 127.0.0.1 displayconnects=yes ;only effects 1.6+ tlsenable=yes tlsbindport=5777 tlsbindaddr=0.0.0.0 tlscert=/var/lib/asterisk/keys/astcert.pem [root@asterisk asterisk]# netstat -ptan | grep asterisk tcp 0 0 0.0.0.0:38513 0.0.0.0:* LISTEN 23019/asterisk tcp 0 0 xxx.xxx.xxx.xxx:44368 74.125.31.125:5222 ESTABLISHED 23019/asterisk which is a random port selected. Restarting asterisk gets this netstat output [root@tour asterisk]# netstat -ptan | grep asterisk tcp 0 0 0.0.0.0:35751 0.0.0.0:* LISTEN 23381/asterisk tcp 0 0 xxx.xxx.xxx.xxx:57649 74.125.31.125:5222 ESTABLISHED 23381/asterisk First random tls manager port is 38513, and second instance is 35751. Thanks Chris | ||
Comments: | By: Chris Mylonas (chris.mylonas) 2012-01-15 04:47:15.050-0600 Further, The tlsbindaddr doesn't obey the settings, it just copies whatever the bindaddr is. The unencrypted port setting works. [general] enabled = no webenabled=no port = 5044 bindaddr = 127.0.0.1 displayconnects=yes ;only effects 1.6+ tlsenable=yes tlsbindport=5777 tlsbindaddr=0.0.0.0 tlscert=/var/lib/asterisk/keys/astcert.pem [root@asterisk asterisk]# netstat -ptan | grep asterisk tcp 0 0 127.0.0.1:5039 0.0.0.0:* LISTEN 23381/asterisk tcp 0 0 127.0.0.1:5044 0.0.0.0:* LISTEN 23381/asterisk tcp 0 0 xxx.xxx.xxx.xxx:57649 74.125.31.125:5222 ESTABLISHED 23381/asterisk Cheers By: Paul Belanger (pabelanger) 2012-01-15 12:53:01.075-0600 tlsbindport is not correct, this is likely a typo in the config file. Try tlsbindaddr = 0.0.0.0:5777 Fixed, typo By: Chris Mylonas (chris.mylonas) 2012-01-16 15:35:17.803-0600 I have lots of feedback coming - I will open separate issues for each as they are different on different circumstances. The setting tlsbindaddr addresses this issue. By: Chris Mylonas (chris.mylonas) 2012-01-16 15:36:03.903-0600 The tlsbindaddr format of xxx.xxx.xxx.xxx:yyyy fixes my issue. The manager.conf.sample file needs to be updated. By: Matt Jordan (mjordan) 2012-01-17 08:18:21.186-0600 I reopened this because, if nothing else, there is a documentation discrepancy in the sample configuration file. By: Chris Mylonas (chris.mylonas) 2012-01-18 16:12:16.047-0600 Yep - good idea - fix the sample docs. I've created another related issue regarding a random port being opened up when disabling manager API -> ASTERISK-19204 |