[OpenSIPS-Users] SIP CLient <- TLS --> OpenSIPS <- UDP -> SIP Server

Wed Jun 10 20:11:46 CEST 2009

Hi Anil,

The error you get means opensips is unable to send the message out - 
typically this means so OS / network related issue. Like the connection 
could not be established because firewall, nat, etc...

Is the client where opensips tries to connect to behind a nat?

Regards,
Bogdan

Anil M Pannikode (hotmail) wrote:
>
> Here are the log files from opensips server.
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tcp_send: no open tcp connection found, opening new one
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:print_ip: tcpconn_new: new tcp connection to: 10.10.20.206
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tcpconn_new: on port 5061, type 3
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_tcpconn_init: name based TLS client domains are disabled
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_tcpconn_init: no TLS client doman AVP set, looking for 
> socket based TLS client domain
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_find_client_domain: virtual TLS client domain not found, 
> Using default TLS client domain settings
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_tcpconn_init: found socket based TLS client domain 
> [0.0.0.0:0]
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_tcpconn_init: Setting in CONNECT mode (client)
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7172]: 
> DBG:core:handle_ser_child: read response= b3f5b400, 2, fd 25 from 2 
> (7162)
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7172]: 
> DBG:core:tcpconn_add: hashes: 463, 2
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7172]: 
> DBG:core:io_watch_add: io_watch_add(0x826a9c0, 25, 2, 0xb3f5b400), 
> fd_no=17
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tcp_send: sending... *
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tls_update_fd: New fd is 9 *
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> ERROR:core:tls_blocking_write: too many retries with no operation *
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]: 
> DBG:core:tcp_send: after write: c= 0xb3f5b400 n=-1 fd=9 *
>
> * *
>
> * *
>
> Wireshark shows “SSL Client helo” to server and “SSL Server helo” back 
> from server.
>
> Is there a way to get more detailed error on the SSL Issues ?
>
> Anil
>
> *From:* users-bounces at lists.opensips.org 
> [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Anil M 
> Pannikode (hotmail)
> *Sent:* Wednesday, June 03, 2009 10:01 AM
> *To:* users at lists.opensips.org
> *Subject:* [OpenSIPS-Users] SIP CLient <- TLS --> OpenSIPS <- UDP -> 
> SIP Server
>
> I am having the same issue as the following email which I found in the 
> archive, Do we know if there is solution to this issue ? I tried the 
> suggested solution , however still not working.
>
> Anil
>
> *Bogdan-Andrei Iancu* bogdan at voice-system.ro 
> <mailto:users%40lists.opensips.org?Subject=%5BOpenSIPS-Users%5D%20Problem%20in%20sending%20outbound%20SIP%20messages%20via%0A%20TLS&In-Reply-To=c443f41b0808200558x3bb41aaft33d6c6a45aa7d9b%40mail.gmail.com>
> /Sun Aug 31 01:10:56 CEST 2008/
>
>     * Previous message: [OpenSIPS-Users] Problem in sending outbound
>       SIP messages via TLS
>       <http://www.openser.org/pipermail/users/2008-August/000193.html>
>     * Next message: [OpenSIPS-Users] Simple question: Asterisk with
>       Zoiper (no sound).
>       <http://www.openser.org/pipermail/users/2008-August/000194.html>
>     * *Messages sorted by:* [ date ]
>       <http://www.openser.org/pipermail/users/2008-August/date.html#369>
>       [ thread ]
>       <http://www.openser.org/pipermail/users/2008-August/thread.html#369>
>       [ subject ]
>       <http://www.openser.org/pipermail/users/2008-August/subject.html#369>
>       [ author ]
>       <http://www.openser.org/pipermail/users/2008-August/author.html#369>
>
>
> ------------------------------------------------------------------------
> Hi,
>  
> have you tried with:
>  
> tls_verify_server = 0
> tls_verify_client = 0
> tls_require_client_certificate = 0
>  
> Regards,
> Bogdan
>  
> Nachiket Tarate wrote:
> >/ /
> >/ Hi,/
> >/ /
> >/ I am currently trying to make Secure RTP calls between my SIP client /
> >/ and the eyeBeam. When eyeBeam is configured for encrypted calls, it /
> >/ uses Secure RTP for media and TLS for SIP signalling./
> >/ /
> >/ I have configured the OpenSIPs server with TLS support./
> >/ /
> >/ The scenario is as shown below:/
> >/ /
> >/ /
> >/  ----------------    UDP      ------------------    TLS    -------------/
> >/ |  My SIP Client |  <----->  |  OpenSIPs Server | <-----> | eyeBeam 1.5 |/
> >/  ----------------             ------------------           -------------/
> >/   Linux Machine                Linux Machine             Widows XP /
> >/ machine/
> >/ /
> >/ When a call is made from eyeBeam to My SIP client the call gets /
> >/ established properly and the OpenSIPs server acts as a gateway./
> >/ /
> >/ But when a call is made from My SIP client to eyeBeam the OpenSIPs /
> >/ returns the *477 Send failed* response to My SIP client./
> >/ /
> >/ By enabling the debug informaiton on OpenSIPs server, I found that it /
> >/ couldn't do TLS handshake with the eyeBeam and so couldn't send the /
> >/ SIP Request from My SIP client to the eyeBeam./
> >/ /
> >/ In brief the OpenSIPs server can accept the inbound messages via TLS /
> >/ but *it can't send outbound messages via TLS*./
> >/ /
> >/ Can anybody help me to resolve this problem? Please see my /
> >/ opensips.cfg file and OpenSIPs server logs attached with this mail./
> >/ /
> >/ Thanks,/
> >/ NT/
> >/  /
> >/ /
> >/ ------------------------------------------------------------------------/
> >/ /
> >/ _______________________________________________/
> >/ Users mailing list/
> >/ Users at lists.opensips.org <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>/
> >/ http://lists.opensips.org/cgi-bin/mailman/listinfo/users/
>  
>  
> ------------------------------------------------------------------------
>
>     * Previous message: [OpenSIPS-Users] Problem in sending outbound
>       SIP messages via TLS
>       <http://www.openser.org/pipermail/users/2008-August/000193.html>
>     * Next message: [OpenSIPS-Users] Simple question: Asterisk with
>       Zoiper (no sound).
>       <http://www.openser.org/pipermail/users/2008-August/000194.html>
>     * *Messages sorted by:* [ date ]
>       <http://www.openser.org/pipermail/users/2008-August/date.html#369>
>       [ thread ]
>       <http://www.openser.org/pipermail/users/2008-August/thread.html#369>
>       [ subject ]
>       <http://www.openser.org/pipermail/users/2008-August/subject.html#369>
>       [ author ]
>       <http://www.openser.org/pipermail/users/2008-August/author.html#369>
>
>
> ------------------------------------------------------------------------
>
> More information about the Users mailing list 
> <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   