[OpenSIPS-Users] Error: A TLS packet with unexpected length was received.

bay2x1 rod at racequeen.ph
Fri Sep 25 03:11:54 CEST 2009 

I was able to determine that the relay is using TCP.  I am encountering this
error on the mediaproxy-relay machine

Sep 24 18:38:44  media-relay[9744]: error: Connection with dispatcher at
xxx.xxx.xxx:25061 was lost: TCP connection timed out.
Sep 24 18:38:55 media-relay[9744]: error: Could not decode command/sequence
number pair from dispatcher: error
Sep 24 18:39:05 media-relay[9744]: error: Could not decode command/sequence
number pair from dispatcher: error
Sep 24 18:39:15 media-relay[9744]: error: Could not decode command/sequence
number pair from dispatcher: error

and on the mediaproxy-dispatcher 

Sep 24 18:31:46 media-dispatcher[19071]: error: Unknown command on
management interface: ping
Sep 24 18:31:56 media-dispatcher[19071]: error: Unknown command on
management interface: ping
Sep 24 18:32:06 media-dispatcher[19071]: error: Unknown command on
management interface: ping

I have already set the value on the dispatcher config.ini

listen_management = 0.0.0.0

; Whether or not to use TLS on the management interface. Note that the same
; TLS credentials are used for both the relay and the management interface
; connections.
;
; Default value is yes.
;
management_use_tls = yes

; Specify extra checks to be performed on the relay TLS credentials before
; considering the connection with the relay succesful. The passport is
; specified as a list of attribute/value pairs in the form:
;   AN:value[, AN:value...]
; where the attribute name (AN) is one of the available attribute names from
; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The value is a
; string that has to match with the corresponding attribute value from the
; relay certificate. A wildcard (*) can be used in the value at the
beginning
; or the end of the string to indicate that the corresponding attribute from
; the relay certificate must end with respectively to start with the given
; string (excluding the wildcard).
; For example using this passport:
;   passport = O:AG Projects, CN:relay*
; means that a connection with a relay will only be accepted if the relay
; certificate subject has organization set to "AG Projects" and the common
; name starts with "relay". To specify that no additional identity checks
; need to be performed, use the keyword None. If passport is None, then only
; the certificate signature is verified agains the certificate authority in
; tls/ca.pem (signature is always verified even when passport is None).
;
; Default value is None.
;
passport = None

; This option is similar to passport above, but applies to the management
; interface connections instead of relay connections. It specifies extra
; checks to be performed on the TLS credentials suplied by an entity that
; connects to the management interface. Please consult passport above for
; a detailed description of the possible values for this option.
;
; If management_use_tls is false, this option is ignored.
;
; Default value is None.
;
management_passport = None

What part did I misconfigure mediaproxy?





Dan Pascu wrote:
> 
> 
> On 24 Sep 2009, at 09:33, bay2x1 wrote:
> 
>>
>> How would I be able to determine if the dispatcher or the relay is  
>> using TCP
>> or TLS.  I have already disabled in the opensips.cfg the tcp, but I  
>> still
>> get the same error.
>>
> 
> They always use TLS. The only place where you can configure it to use  
> TCP, is the dispatcher management interface. Also opensips.cfg has  
> nothing to do with the mediaproxy applications. Those are configured  
> in /etc/init.d/config.ini
> 
>>
>>
>> Dan Pascu wrote:
>>>
>>>
>>> On 13 Aug 2009, at 02:21, bay2x1 wrote:
>>>
>>>>
>>>> I haven't resolved this problem.  Further exploration revealed that
>>>> both
>>>> relay and dispatcher are working.  The only problem is during the
>>>> handshake
>>>> between dispatcher and relay.  The dispatcher is refusing the relay
>>>> connection.  I have downloaded the sample tls certificates from the
>>>> svn
>>>> repository because I believe this might resolve the problem still  
>>>> the
>>>> problem persists.
>>>
>>> I have no idea what certificates those are. You should ask the svn
>>> repository owner what's up with them. We do not provide any
>>> certificates in any svn repository.
>>>
>>>> I am correct to say that I am using the correct
>>>> certificates if my CDRTool on Network and Session section is able to
>>>> connect
>>>> to the mediaproxy-dispatcher.
>>>
>>> No. CDRTool uses a single file certificate, while the dispatcher and
>>> relay use separate certificate and private key files. Read tls/README
>>>
>>>> I have observed it previously that if I dont
>>>> have the proper mediaproxy.hostname.com.pem file I encounter this
>>>> error ==
>>>> Error connecting to tls://hostname.com:25061: (111).  With my  
>>>> current
>>>> CDRTool configuration I am able to connect to media dispatcher
>>>> properly.  I
>>>> am wondering why I am receiving
>>>> Error: A TLS packet with unexpected length was received.
>>>
>>> That error message appears when a non-TLS client tries to connect  
>>> to a
>>> TLS server, or the other way around. One of your endpoints is TCP the
>>> other TLS.
>>>
>>>>
>>>>
>>>>
>>>>
>>>> bay2x1 wrote:
>>>>>
>>>>> I am encountering this error with mediaproxy.  Mediaproxy-relay and
>>>>> Mediaproxy-dispatcher is not on the same machine.
>>>>> Every time I restart mediaproxy-relay on the other computer I got
>>>>> this log
>>>>> error on the machine where mediaproxy-dispatcher is running.  I
>>>>> have check
>>>>> both relay and dispatcher have the same version 2.3.4.
>>>>>
>>>>> error: Connection with relay at 176.16.100.150 was lost: A TLS
>>>>> packet with
>>>>> unexpected length was received.
>>>>>
>>>>> Everytime I restart dispatcher I get this log warning
>>>>>
>>>>> Aug  9 20:42:04 phoenix303 media-dispatcher[10797]: Received  
>>>>> SIGTERM,
>>>>> shutting down.
>>>>> Aug  9 20:42:04 phoenix303 media-dispatcher[10797]: (Port None
>>>>> Closed)
>>>>> Aug  9 20:42:04 phoenix303 media-dispatcher[10797]: (Port 25061
>>>>> Closed)
>>>>> Aug  9 20:42:04 phoenix303 media-dispatcher[10797]: (Port 25060
>>>>> Closed)
>>>>> Aug  9 20:42:04 phoenix303 media-dispatcher[10797]: Connection with
>>>>> relay
>>>>> at 176.16.100.150 was closed
>>>>> Aug  9 20:42:04 phoenix303 media-dispatcher[10797]: Main loop
>>>>> terminated.
>>>>> Aug  9 20:42:05 phoenix303 media-dispatcher[10816]: Log opened.
>>>>> Aug  9 20:42:05 phoenix303 media-dispatcher[10816]: warning:
>>>>> startSyslog
>>>>> is being deprecated and will be removed in 1.2.0. Use the
>>>>> start_syslog
>>>>> function instead.
>>>>> Aug  9 20:42:05 phoenix303 media-dispatcher[10816]: Starting
>>>>> MediaProxy
>>>>> Dispatcher 2.3.4
>>>>> Aug  9 20:42:05 phoenix303 media-dispatcher[10816]: Twisted is  
>>>>> using
>>>>> epollreactor
>>>>> Aug  9 20:42:06 phoenix303 media-dispatcher[10816]:
>>>>> mediaproxy.dispatcher.RelayFactory starting on 25060
>>>>> Aug  9 20:42:06 phoenix303 media-dispatcher[10816]:
>>>>> mediaproxy.dispatcher.OpenSIPSControlFactory starting on
>>>>> "'/var/run/mediaproxy/dispatcher.sock'"
>>>>> Aug  9 20:42:06 phoenix303 media-dispatcher[10816]:
>>>>> mediaproxy.dispatcher.ManagementControlFactory starting on 25
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> -----
>>>> http://opensips.blogspot.com http://opensips.blogspot.com
>>>> -- 
>>>> View this message in context:
>>>> http://n2.nabble.com/Error%3A-A-TLS-packet-with-unexpected-length-was-received.-tp3415244p3434560.html
>>>> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>> --
>>> Dan
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>> -----
>> http://opensips.blogspot.com http://opensips.blogspot.com
>> -- 
>> View this message in context:
>> http://n2.nabble.com/Error-A-TLS-packet-with-unexpected-length-was-received-tp3415244p3704412.html
>> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 
> 
> --
> Dan
> 
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 
> 


-----
http://opensips.blogspot.com http://opensips.blogspot.com 
-- 
View this message in context: http://n2.nabble.com/Error-A-TLS-packet-with-unexpected-length-was-received-tp3415244p3709810.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

More information about the Users mailing list