[OpenSIPS-Users] SIP CLient <- TLS --> OpenSIPS <- UDP -> SIP Server
Anil M Pannikode (hotmail)
anilpannikode at hotmail.com
Fri Jun 19 11:58:57 CEST 2009
We are still not able to get TLS working. The OpsnSIPS logs shows the
following
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:parse_to:
display={"Anonymous"}, ruri={sip:Anonymous at sip1.mydomain.com}
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: Method : INVITE
from 10.10.20.246 fd sip1.mydomain.com
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:maxfwd:is_maxfwd_present: value = 70
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:tm:t_newtran:
transaction on entrance=0xffffffff
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:parse_headers: flags=ffffffffffffffff
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:parse_to_param: tag=772432463135364100001E34
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:parse_to:
end of header reached, state=29
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:parse_to:
display={}, ruri={sip:9999999999 at IPGateway.mydomain.com;user=phone}
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:get_hdr_field: <To> [86];
uri=[sip:9999999999 at IPGateway.mydomain.com;user=phone]
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:get_hdr_field: to body
[<sip:9999999999 at IPGateway.mydomain.com;user=phone>]
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:get_hdr_field: cseq <CSeq>: <2> <INVITE>
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:get_hdr_field: content_length=401
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:get_hdr_field: found end of header
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:parse_headers: flags=78
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:tm:t_lookup_request: start searching: hash=39696, isACK=0
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:tm:matching_3261: RFC3261 transaction matching failed
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:tm:t_lookup_request: no transaction found
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:tm:run_reqin_callbacks: trans=0xb40250e8, callback type 1, id 0 entered
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:parse_headers: flags=ffffffffffffffff
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:check_via_address: params 10.10.20.246, 10.10.20.246, 0
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:_shm_resize: resize(0) called
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:tm:_reply_light: reply sent out. buf=0x82a30c0: SIP/2.0 1...,
shmem=0xb40141c8: SIP/2.0 1
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:tm:_reply_light: finished
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:mk_proxy:
doing DNS lookup...
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:parse_headers: flags=2000
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:tcp_send:
no open tcp connection found, opening new one
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 10.10.20.206
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tcpconn_new: on port 5061, type 3
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tls_tcpconn_init: TLS client domain AVP found = 'sip1.mydomain.com'
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tls_find_client_domain_name: virtual TLS client domain found
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tls_tcpconn_init: found name based TLS client domain
'sip1.mydomain.com'
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tls_tcpconn_init: Setting in CONNECT mode (client)
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:tcp_send:
sending...
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:tls_update_fd: New fd is 8
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
ERROR:core:tls_blocking_write: too many retries with no operation
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:tcp_send:
after write: c= 0xb40284d8 n=-1 fd=8
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2114]:
DBG:core:handle_ser_child: read response= b40284d8, 2, fd 25 from 1 (2103)
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2114]:
DBG:core:tcpconn_add: hashes: 463, 36
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2114]:
DBG:core:io_watch_add: io_watch_add(0x826a9c0, 25, 2, 0xb40284d8), fd_no=17
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:core:tcp_send:
buf= INVITE sip:9999999999 at 10.10.20.206:5061;transport=tls SIP/2.0^M Via:
SIP/2.0/TLS 10.10.10.193:5061;branch=z9hG4bK01b9.1a760103.0^M Via:
SIP/2.0/UDP
10.10.20.246:5060;received=10.10.20.246;rport=5060;branch=z9hG4bK3270876536-
394448^M Route:
<sip:10.10.10.193;r2=on;lr=on>,<sip:10.10.10.193:5061;transport=tls;r2=on;lr
=on>^M Max-Forwards: 69^M Allow:
SUBSCRIBE,NOTIFY,REFER,INVITE,ACK,OPTIONS,CANCEL,BYE^M Supported:
timer,replaces,TIMER^M From: "Anonymous"
<sip:Anonymous at sip1.mydomain.com>;tag=Test_3270532536-328912^M To:
<sip:9999999999 at IPGateway.mydomain.com;user=phone>;tag=772432463135364100001
E34^M Call-ID: 01B2270F8E81400000000029 at IPGateway.mydomain.com^M CSeq: 2
INVITE^M Min-SE: 10^M Contact: <sip:Test at 10.10.20.246:5060>^M Content-Type:
application/sdp^M Content-Length: 401^M ^M v=0^M o=Test 256 3 IN IP4
10.10.20.246^M s=SipSession with Test^M i=Test^M u=http://www.Test.com^M
c=IN IP4 10.10.20.246^M t=0 0^M
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
ERROR:core:tcp_send: failed to send
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: ERROR:tm:msg_send:
tcp_send failed
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
ERROR:tm:t_forward_nonack: sending request failed
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]: DBG:tm:t_relay_to:
t_forward_nonack returned error
Jun 17 03:41:23 sip-proxy-dev2 /usr/sbin/opensips[2103]:
DBG:core:parse_headers: flags=ffffffffffffffff
Based on the wireshark traces.
- OpenSIPS sends a 'Client Helo' to Gateway
- Before it receives the 'Server Helo' back , it is sending '477 Send
failed' back to Media gateway.
- Gateway sends 'Server Helo' back to OpenSIPS.
In the config I have set the following values
tls_handshake_timeout=60
tls_send_timeout=60
However it looks like the OpenSIPS is returning failure way too early (in
less than 1 second)
And there are no firewalls between these two servers.
Any help will be appreciated.
Regards
Anil
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
Sent: Wednesday, June 10, 2009 2:12 PM
To: Anil M Pannikode (hotmail)
Cc: users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] SIP CLient <- TLS --> OpenSIPS <- UDP -> SIP
Server
Hi Anil,
The error you get means opensips is unable to send the message out -
typically this means so OS / network related issue. Like the connection
could not be established because firewall, nat, etc...
Is the client where opensips tries to connect to behind a nat?
Regards,
Bogdan
Anil M Pannikode (hotmail) wrote:
>
> Here are the log files from opensips server.
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tcp_send: no open tcp connection found, opening new one
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:print_ip: tcpconn_new: new tcp connection to: 10.10.20.206
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tcpconn_new: on port 5061, type 3
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_tcpconn_init: name based TLS client domains are disabled
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_tcpconn_init: no TLS client doman AVP set, looking for
> socket based TLS client domain
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_find_client_domain: virtual TLS client domain not found,
> Using default TLS client domain settings
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_tcpconn_init: found socket based TLS client domain
> [0.0.0.0:0]
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_tcpconn_init: Setting in CONNECT mode (client)
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7172]:
> DBG:core:handle_ser_child: read response= b3f5b400, 2, fd 25 from 2
> (7162)
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7172]:
> DBG:core:tcpconn_add: hashes: 463, 2
>
> Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7172]:
> DBG:core:io_watch_add: io_watch_add(0x826a9c0, 25, 2, 0xb3f5b400),
> fd_no=17
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tcp_send: sending... *
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tls_update_fd: New fd is 9 *
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> ERROR:core:tls_blocking_write: too many retries with no operation *
>
> *Jun 5 16:24:45 pc10-10-10-193 /usr/sbin/opensips[7162]:
> DBG:core:tcp_send: after write: c= 0xb3f5b400 n=-1 fd=9 *
>
> * *
>
> * *
>
> Wireshark shows "SSL Client helo" to server and "SSL Server helo" back
> from server.
>
> Is there a way to get more detailed error on the SSL Issues ?
>
> Anil
>
> *From:* users-bounces at lists.opensips.org
> [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Anil M
> Pannikode (hotmail)
> *Sent:* Wednesday, June 03, 2009 10:01 AM
> *To:* users at lists.opensips.org
> *Subject:* [OpenSIPS-Users] SIP CLient <- TLS --> OpenSIPS <- UDP ->
> SIP Server
>
> I am having the same issue as the following email which I found in the
> archive, Do we know if there is solution to this issue ? I tried the
> suggested solution , however still not working.
>
> Anil
>
> *Bogdan-Andrei Iancu* bogdan at voice-system.ro
>
<mailto:users%40lists.opensips.org?Subject=%5BOpenSIPS-Users%5D%20Problem%20
in%20sending%20outbound%20SIP%20messages%20via%0A%20TLS&In-Reply-To=c443f41b
0808200558x3bb41aaft33d6c6a45aa7d9b%40mail.gmail.com>
> /Sun Aug 31 01:10:56 CEST 2008/
>
> * Previous message: [OpenSIPS-Users] Problem in sending outbound
> SIP messages via TLS
> <http://www.openser.org/pipermail/users/2008-August/000193.html>
> * Next message: [OpenSIPS-Users] Simple question: Asterisk with
> Zoiper (no sound).
> <http://www.openser.org/pipermail/users/2008-August/000194.html>
> * *Messages sorted by:* [ date ]
> <http://www.openser.org/pipermail/users/2008-August/date.html#369>
> [ thread ]
> <http://www.openser.org/pipermail/users/2008-August/thread.html#369>
> [ subject ]
>
<http://www.openser.org/pipermail/users/2008-August/subject.html#369>
> [ author ]
> <http://www.openser.org/pipermail/users/2008-August/author.html#369>
>
>
> ------------------------------------------------------------------------
> Hi,
>
> have you tried with:
>
> tls_verify_server = 0
> tls_verify_client = 0
> tls_require_client_certificate = 0
>
> Regards,
> Bogdan
>
> Nachiket Tarate wrote:
> >/ /
> >/ Hi,/
> >/ /
> >/ I am currently trying to make Secure RTP calls between my SIP client /
> >/ and the eyeBeam. When eyeBeam is configured for encrypted calls, it /
> >/ uses Secure RTP for media and TLS for SIP signalling./
> >/ /
> >/ I have configured the OpenSIPs server with TLS support./
> >/ /
> >/ The scenario is as shown below:/
> >/ /
> >/ /
> >/ ---------------- UDP ------------------ TLS
-------------/
> >/ | My SIP Client | <-----> | OpenSIPs Server | <-----> | eyeBeam 1.5
|/
> >/ ---------------- ------------------
-------------/
> >/ Linux Machine Linux Machine Widows XP /
> >/ machine/
> >/ /
> >/ When a call is made from eyeBeam to My SIP client the call gets /
> >/ established properly and the OpenSIPs server acts as a gateway./
> >/ /
> >/ But when a call is made from My SIP client to eyeBeam the OpenSIPs /
> >/ returns the *477 Send failed* response to My SIP client./
> >/ /
> >/ By enabling the debug informaiton on OpenSIPs server, I found that it /
> >/ couldn't do TLS handshake with the eyeBeam and so couldn't send the /
> >/ SIP Request from My SIP client to the eyeBeam./
> >/ /
> >/ In brief the OpenSIPs server can accept the inbound messages via TLS /
> >/ but *it can't send outbound messages via TLS*./
> >/ /
> >/ Can anybody help me to resolve this problem? Please see my /
> >/ opensips.cfg file and OpenSIPs server logs attached with this mail./
> >/ /
> >/ Thanks,/
> >/ NT/
> >/ /
> >/ /
> >/
------------------------------------------------------------------------/
> >/ /
> >/ _______________________________________________/
> >/ Users mailing list/
> >/ Users at lists.opensips.org
<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>/
> >/ http://lists.opensips.org/cgi-bin/mailman/listinfo/users/
>
>
> ------------------------------------------------------------------------
>
> * Previous message: [OpenSIPS-Users] Problem in sending outbound
> SIP messages via TLS
> <http://www.openser.org/pipermail/users/2008-August/000193.html>
> * Next message: [OpenSIPS-Users] Simple question: Asterisk with
> Zoiper (no sound).
> <http://www.openser.org/pipermail/users/2008-August/000194.html>
> * *Messages sorted by:* [ date ]
> <http://www.openser.org/pipermail/users/2008-August/date.html#369>
> [ thread ]
> <http://www.openser.org/pipermail/users/2008-August/thread.html#369>
> [ subject ]
>
<http://www.openser.org/pipermail/users/2008-August/subject.html#369>
> [ author ]
> <http://www.openser.org/pipermail/users/2008-August/author.html#369>
>
>
> ------------------------------------------------------------------------
>
> More information about the Users mailing list
> <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list