[OpenSIPS-Users] Error: A TLS packet with unexpected length was received.
bay2x1
rod at racequeen.ph
Tue Sep 29 02:47:42 CEST 2009
I have corrected the wrong port assigned in (25061) in the relay section on
my configuration. I have set the value for dispatcher = 172.16.100.20 (ip
of my dispatcher) -- leaving the port blank. I have already check the
version both are version 2.3.4. I am still stuck in the same error: A TLS
packet with unexpected length was received.
The only problem I see is that I cant establish the TCP part for the TLS
connection. Again I have checked the versions of both mediaproxy relay and
dispatcher to be the same 2.3.4 version.
Sep 29 08:44:15 ws20 media-dispatcher[14419]: Main loop terminated.
Sep 29 08:44:15 ws20 media-dispatcher[14481]: Log opened.
Sep 29 08:44:15 ws20 media-dispatcher[14481]: warning: startSyslog is being
deprecated and will be removed in 1.2.0. Use the start_syslog function
instead.
Sep 29 08:44:15 ws20 media-dispatcher[14481]: Starting MediaProxy Dispatcher
2.3.4
Sep 29 08:44:32 ws17 media-relay[4007]: Main loop terminated.
Sep 29 08:44:36 ws17 media-relay[4261]: Log opened.
Sep 29 08:44:36 ws17 media-relay[4261]: warning: startSyslog is being
deprecated and will be removed in 1.2.0. Use the start_syslog function
instead.
Sep 29 08:44:36 ws17 media-relay[4261]: Starting MediaProxy Relay 2.3.4
Sep 29 08:44:37 ws17 media-relay[4261]: Set resource limit for maximum open
file descriptors to 11000
Is there a command to check what version of mediaproxy i am using?
Dan Pascu wrote:
>
>
> On 25 Sep 2009, at 04:11, bay2x1 wrote:
>
>>
>> I was able to determine that the relay is using TCP.
>
> The relay _never_ uses TCP.
>
>> I am encountering this error on the mediaproxy-relay machine
>>
>> Sep 24 18:38:44 media-relay[9744]: error: Connection with
>> dispatcher at
>> xxx.xxx.xxx:25061 was lost: TCP connection timed out.
>
> This only means that it could not connect on the TCP level (TLS works
> on top of TCP, so it needs an established TCP connection before it
> starts negotiating and establishing TLS on top of it).
> In your case the first stage (establishing a TCP transport) has failed.
>
>> Sep 24 18:38:55 media-relay[9744]: error: Could not decode command/
>> sequence
>> number pair from dispatcher: error
>> Sep 24 18:39:05 media-relay[9744]: error: Could not decode command/
>> sequence
>> number pair from dispatcher: error
>> Sep 24 18:39:15 media-relay[9744]: error: Could not decode command/
>> sequence
>> number pair from dispatcher: error
>>
>
> make sure the relay and dispatcher version numbers match.
>
>> and on the mediaproxy-dispatcher
>>
>> Sep 24 18:31:46 media-dispatcher[19071]: error: Unknown command on
>> management interface: ping
>> Sep 24 18:31:56 media-dispatcher[19071]: error: Unknown command on
>> management interface: ping
>> Sep 24 18:32:06 media-dispatcher[19071]: error: Unknown command on
>> management interface: ping
>
> ping was not meant to be used on the management interface. Unless you
> manually send that command to the management interface for testing, I
> suspect that you somehow got the 2 ports mixed. There are 2 ports used
> by the dispatcher: 25060 used to listen for incoming relay connections
> and communicate with the relays; 25061 is used for the management
> interface, that can be used to obtain information about the dispatcher
> and relays. In your case it sounds as if the relay connected to the
> dispatcher management port (25061) instead of the standard relay port
> (25060)
>
>>
>> I have already set the value on the dispatcher config.ini
>>
>> listen_management = 0.0.0.0
>>
>> ; Whether or not to use TLS on the management interface. Note that
>> the same
>> ; TLS credentials are used for both the relay and the management
>> interface
>> ; connections.
>> ;
>> ; Default value is yes.
>> ;
>> management_use_tls = yes
>>
>> ; Specify extra checks to be performed on the relay TLS credentials
>> before
>> ; considering the connection with the relay succesful. The passport is
>> ; specified as a list of attribute/value pairs in the form:
>> ; AN:value[, AN:value...]
>> ; where the attribute name (AN) is one of the available attribute
>> names from
>> ; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The
>> value is a
>> ; string that has to match with the corresponding attribute value
>> from the
>> ; relay certificate. A wildcard (*) can be used in the value at the
>> beginning
>> ; or the end of the string to indicate that the corresponding
>> attribute from
>> ; the relay certificate must end with respectively to start with the
>> given
>> ; string (excluding the wildcard).
>> ; For example using this passport:
>> ; passport = O:AG Projects, CN:relay*
>> ; means that a connection with a relay will only be accepted if the
>> relay
>> ; certificate subject has organization set to "AG Projects" and the
>> common
>> ; name starts with "relay". To specify that no additional identity
>> checks
>> ; need to be performed, use the keyword None. If passport is None,
>> then only
>> ; the certificate signature is verified agains the certificate
>> authority in
>> ; tls/ca.pem (signature is always verified even when passport is
>> None).
>> ;
>> ; Default value is None.
>> ;
>> passport = None
>>
>> ; This option is similar to passport above, but applies to the
>> management
>> ; interface connections instead of relay connections. It specifies
>> extra
>> ; checks to be performed on the TLS credentials suplied by an entity
>> that
>> ; connects to the management interface. Please consult passport
>> above for
>> ; a detailed description of the possible values for this option.
>> ;
>> ; If management_use_tls is false, this option is ignored.
>> ;
>> ; Default value is None.
>> ;
>> management_passport = None
>>
>> What part did I misconfigure mediaproxy?
>
> Nothing in this config seems out of place. Did you specify the
> dispatchers in the relay section and by any chance you used the wrong
> port with them, like ip:25061 ?
>
> --
> Dan
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-----
http://opensips.blogspot.com http://opensips.blogspot.com
--
View this message in context: http://n2.nabble.com/Error-A-TLS-packet-with-unexpected-length-was-received-tp3415244p3732822.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
More information about the Users
mailing list