[OpenSIPS-Users] tls blocking question
Ryan Delgrosso
ryandelgrosso at gmail.com
Tue Feb 19 13:50:34 EST 2019
So I have a situation where 100% of my endpoints are TLS behind NAT
bridging to UDP in core.
I have tcp_async enabled and have set tcp_no_new_conn_bflag on packets
coming from UDP side to TLS side, as well as setting it on the
registered AOR's in mid-registrar.
Setting up test scenarios I always seem to hit a wall where opensips
stops passing packets where it seems to be waiting for some kind of
timeout.
I am also seeing these messages:
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]:
ERROR:proto_tls:tls_write: TLS write error:
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]:
ERROR:proto_tls:tls_blocking_write: TLS failed to send data
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]:
ERROR:proto_tls:proto_tls_send: failed to send
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]:
ERROR:sl:msg_send: send() to 1.1.1.1:1234 for proto tls/3 failed
The IP is outside so its from a UDP to TCP flow. Is there another flag I
need to set to prevent packets from originating new TLS sessions when
none exist?
Once it gets into this state it takes 30s or so before it starts passing
packets again, but it does so from a buffer it seems since i can stop my
tls generator, wait 30s and the core side sipp instance will again begin
receiving packets.
How can I prevent opensips from blocking like this on TLS sessions?
More information about the Users
mailing list