[OpenSIPS-Users] SIP TLS Stateless Proxy not working

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Apr 30 11:37:52 CEST 2013 

Hello Sharad,

As the problem is when making calls, could you check if:
     1) the call gets to opensips (from caller)
     2) what is the received RURI
     3) if call is correctly routed via USRLOC (I guess you make a call 
between 2 users)
     4) print the RURI just before sending the call out (before the t_relay)
     5) check the opensips log for errors.
     6) check the ongoing TCP conns from opensips (netstat -tlnp | grep 
opensips)

Maybe OpenSIPS cannot deliver the call to callee device as (1) there is 
a mismatching between the registered contact (proto, port, etc) and 
existing TLS connection or (2) the TLS connection for callee already died.

Best regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 04/30/2013 09:29 AM, Sharad Pratap wrote:
> Hi All,
>
> I need to setup a SIP TLS Stateless Proxy Server using opensips
>
> In test setup I have two machines SL, SS and two soft phones PH1, PH2
>
> SL: machine 172.16.8.79   is working as Stateless Proxy using opensips
>
> SS: machine 172.16.8.24   is working main Sip Proxy server, which is
>                           also working as Registrar using opensips
>
> Both phones are minisip_gtkgui soft phones
> both are running on SIP server machine 172.16.8.24
> and each have two users profiles,
>
> for udp udpproxytest1 , for tls tlsproxytest1 on Phone PH1
>
> for udp udpproxytest2 , for tls tlsproxytest2 on Phone PH2
>
> Phone PH1:
> Profile udpproxytest1
>  SIP url is sip:udpproxytest1 at 172.16.8.24 
> <mailto:sip%3Audpproxytest1 at 172.16.8.24>
>  username: udpproxytest1
>  password: udpproxytest1
>  Outbound proxy
>    SIPProxy:          172.16.8.79
>    Network Port:      5060
>    Transport Method:  UDP
>
> Profile tlsproxytest1
>  SIP url is sips:tlsproxytest1 at 172.16.8.24 
> <mailto:sips%3Atlsproxytest1 at 172.16.8.24>
>  username: tlsproxytest1
>  password: tlsproxytest1
>  Outbound proxy
>    SIPProxy:          172.16.8.79
>    Network Port:      5061
>    Transport Method:  TLS
>
> Phone PH2:
> Profile udpproxytest2
>  SIP url is sip:udpproxytest2 at 172.16.8.24 
> <mailto:sip%3Audpproxytest2 at 172.16.8.24>
>  username: udpproxytest2
>  password: udpproxytest2
>  Outbound proxy
>    SIPProxy:          172.16.8.79
>    Network Port:      5060
>    Transport Method:  UDP
>
> Profile tlsproxytest2
>  SIP url is sips:tlsproxytest2 at 172.16.8.24 
> <mailto:sips%3Atlsproxytest2 at 172.16.8.24>
>  username: tlsproxytest2
>  password: tlsproxytest2
>  Outbound proxy
>    SIPProxy:          172.16.8.79
>    Network Port:      5061
>    Transport Method:  TLS
>
>
> When I test with users who uses UDP transport
> I am able to successfully Register and Invite and make call.
>
>
> But in case of TLS only Registration get succeed, but Call
> failed with "Remote side Rejected call".
>
> NOTE:
> ,----
> | Please note here is some problem with minisip phones that in case of
> | TLS transport they register with Contact that have transport=tcp that I
> | have to change manually using
> |
> |    opensipsctl ul add
> |    opensipsctl ul rm
> |
> | command keeping same ports that was registered earlier.
> `----
>
> I also noticed in case TLS call the port designated in Contact uri in
> time of registration are not open (that may be the reason for failed call)
>
> Anybody could please let me know when Stateless Proxy could
> successfully work in UDP than what problem causing failure of call in
> TLS.
>
> I have included link to the logs for both UDP and TLS session.
>
> In all logs my comments are also there starting with DateTime and Sharad:
> like
>   26Apr2013-11:33:51 Sharad:  Starting test on udp
>
> in comment I have informed when I am going to do a operation like
> register or call.
>
> For generating certificate I have followed
> http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html#AEN118
>
> I have generated main server certificate with
>   /usr/local/sbin/opensipsctl tls rootCA
>   /usr/local/sbin/opensipsctl tls userCERT mainserver
> in sslmainserver-tls.tar dir
>
> I have generated stateless proxy server certificate with
>   /usr/local/sbin/opensipsctl tls rootCA
>   /usr/local/sbin/opensipsctl tls userCERT slproxy
> in sslslproxy-tls.tar dir
>
> Both generated certificate I have installed in both phones.
>
> Logs and Config Files are at
> https://drive.google.com/folderview?id=0B4zwpbVQ5V3gMHl2SlVBUjR6NEU&usp=sharing 
> <https://drive.google.com/folderview?id=0B4zwpbVQ5V3gMHl2SlVBUjR6NEU&usp=sharing>
>
> sipSLproxy-udp.log: UDP Stateless Proxy Log
> sipserver-udp.log:  UDP Main SIP Proxy Log
> phone1-udp.log:     UDP Phone1 Log
> phone2-udp.log:     UDP Phone2 Log
>
> sipSLproxy-tls.log: TLS Stateless Proxy Log
> sipserver-tls.log:  TLS Main SIP Proxy Log
> phone1-tls.log:     TLS Phone1 Log
> phone2-tls.log:     TLS Phone2 Log
>
> SIPSERVER-opensips.cfg:           SIP Server opensips.cfg
> SIP-STATELESS-Proxy-opensips.cfg: SIP Stateless proxy opensips.cfg
>
> sslslproxy-tls.tar:    etc/opensips/tls dir for Stateless Proxy
>                        also have used certificate
> sslmainserver-tls.tar: etc/opensips/tls dir for Main SIP Server
>                        also have used certificate
> --
> Regards,
> -sharad
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130430/ac768083/attachment.htm>

More information about the Users mailing list