[OpenSIPS-Users] Error: A TLS packet with unexpected length was received.

Dan Pascu dan at ag-projects.com
Mon Sep 28 12:28:02 CEST 2009 

On 25 Sep 2009, at 04:11, bay2x1 wrote:

>
> I was able to determine that the relay is using TCP.

The relay _never_ uses TCP.

>  I am encountering this error on the mediaproxy-relay machine
>
> Sep 24 18:38:44  media-relay[9744]: error: Connection with  
> dispatcher at
> xxx.xxx.xxx:25061 was lost: TCP connection timed out.

This only means that it could not connect on the TCP level (TLS works  
on top of TCP, so it needs an established TCP connection before it  
starts negotiating and establishing TLS on top of it).
In your case the first stage (establishing a TCP transport) has failed.

> Sep 24 18:38:55 media-relay[9744]: error: Could not decode command/ 
> sequence
> number pair from dispatcher: error
> Sep 24 18:39:05 media-relay[9744]: error: Could not decode command/ 
> sequence
> number pair from dispatcher: error
> Sep 24 18:39:15 media-relay[9744]: error: Could not decode command/ 
> sequence
> number pair from dispatcher: error
>

make sure the relay and dispatcher version numbers match.

> and on the mediaproxy-dispatcher
>
> Sep 24 18:31:46 media-dispatcher[19071]: error: Unknown command on
> management interface: ping
> Sep 24 18:31:56 media-dispatcher[19071]: error: Unknown command on
> management interface: ping
> Sep 24 18:32:06 media-dispatcher[19071]: error: Unknown command on
> management interface: ping

ping was not meant to be used on the management interface. Unless you  
manually send that command to the management interface for testing, I  
suspect that you somehow got the 2 ports mixed. There are 2 ports used  
by the dispatcher: 25060 used to listen for incoming relay connections  
and communicate with the relays; 25061 is used for the management  
interface, that can be used to obtain information about the dispatcher  
and relays. In your case it sounds as if the relay connected to the  
dispatcher management port (25061) instead of the standard relay port  
(25060)

>
> I have already set the value on the dispatcher config.ini
>
> listen_management = 0.0.0.0
>
> ; Whether or not to use TLS on the management interface. Note that  
> the same
> ; TLS credentials are used for both the relay and the management  
> interface
> ; connections.
> ;
> ; Default value is yes.
> ;
> management_use_tls = yes
>
> ; Specify extra checks to be performed on the relay TLS credentials  
> before
> ; considering the connection with the relay succesful. The passport is
> ; specified as a list of attribute/value pairs in the form:
> ;   AN:value[, AN:value...]
> ; where the attribute name (AN) is one of the available attribute  
> names from
> ; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The  
> value is a
> ; string that has to match with the corresponding attribute value  
> from the
> ; relay certificate. A wildcard (*) can be used in the value at the
> beginning
> ; or the end of the string to indicate that the corresponding  
> attribute from
> ; the relay certificate must end with respectively to start with the  
> given
> ; string (excluding the wildcard).
> ; For example using this passport:
> ;   passport = O:AG Projects, CN:relay*
> ; means that a connection with a relay will only be accepted if the  
> relay
> ; certificate subject has organization set to "AG Projects" and the  
> common
> ; name starts with "relay". To specify that no additional identity  
> checks
> ; need to be performed, use the keyword None. If passport is None,  
> then only
> ; the certificate signature is verified agains the certificate  
> authority in
> ; tls/ca.pem (signature is always verified even when passport is  
> None).
> ;
> ; Default value is None.
> ;
> passport = None
>
> ; This option is similar to passport above, but applies to the  
> management
> ; interface connections instead of relay connections. It specifies  
> extra
> ; checks to be performed on the TLS credentials suplied by an entity  
> that
> ; connects to the management interface. Please consult passport  
> above for
> ; a detailed description of the possible values for this option.
> ;
> ; If management_use_tls is false, this option is ignored.
> ;
> ; Default value is None.
> ;
> management_passport = None
>
> What part did I misconfigure mediaproxy?

Nothing in this config seems out of place. Did you specify the  
dispatchers in the relay section and by any chance you used the wrong  
port with them, like ip:25061 ?

--
Dan

More information about the Users mailing list