[OpenSIPS-Users] I need some help in websocket connection error .

Sasmita Panda spanda at 3clogic.com
Tue Jun 25 06:18:55 EDT 2019


I have tried to take ssldump in the webrtc server in run time .

New TCP connection #19: 192.168.1.y(48530) <-> 192.168.0.x(443)
19    0.0011 (0.0011)  C>S  TCP FIN
19    0.0013 (0.0001)  S>C  TCP FIN

New TCP connection #20: 192.168.0.y(52975) <-> 192.168.0.x(443)
20 1  0.0006 (0.0006)  C>S  Handshake      ClientHello
20 2  0.0008 (0.0002)  S>C  Handshake      ServerHello
20 3  0.0008 (0.0000)  S>C  Handshake      Certificate
20 4  0.0008 (0.0000)  S>C  Handshake      ServerHelloDone
20 5  0.0020 (0.0011)  C>S  Handshake      ClientKeyExchange
20 6  0.0020 (0.0000)  C>S  ChangeCipherSpec
20 7  0.0020 (0.0000)  C>S  Handshake
20 8  0.0036 (0.0015)  S>C  Handshake20 9  0.0036 (0.0000)  S>C
 ChangeCipherSpec
20 10 0.0036 (0.0000)  S>C  Handshake
20 11 0.0042 (0.0006)  C>S  Alert
20    0.0042 (0.0000)  C>S  TCP FIN
20    0.0043 (0.0000)  S>C  TCP FIN

The portion I marked in red whenever appear there is error in opensips
logs  . For below portion the connection was accepted  .

I am not even getting any error  in my browser side .  How I will debug
this ? please help .

*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*


On Fri, Jun 14, 2019 at 2:51 PM Callum Guy <callum.guy at x-on.co.uk> wrote:

> You might find that a tcpdump is the only way to get to grips with the
> underlying issue.
>
> Having said that I wonder if there is any chance that the connection isn't
> accepting simply due to a cipher incompatibility. Are you setting a cipher
> list that you know your clients accept? Maybe try:
>
> modparam("tls_mgm", "ciphers_list",
> "AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,CAMELLIA128-SHA,RC4-SHA")
>
>
> On Fri, 14 Jun 2019 at 09:17, Sasmita Panda <spanda at 3clogic.com> wrote:
>
>> I had a dedicated server for 1 Client . When that client faces the issue
>> I started looking into the logs . And this is what the error I got .
>>
>> but latter on when I saw other servers which is getting used by different
>> client in that logs also same error coming everyday .
>>
>> As a conclusion its happening with everybody .
>>
>> Below is the configuration .
>>
>> modparam("tls_mgm", "tls_method", "tlsv1_2")
>> modparam("tls_mgm", "verify_cert", "0")
>> modparam("tls_mgm", "require_cert", "0")
>> modparam("tls_mgm", "certificate",
>> "/usr/etc/opensips/tls/3ccloudwebrtc2019.crt")
>> modparam("tls_mgm", "private_key", "/usr/etc/opensips/tls/3ccloud.key")
>> modparam("tls_mgm", "ca_list", "/usr/etc/opensips/tls/rootCA/cacert.pem")
>>
>>
>>
>> *Thanks & Regards*
>> *Sasmita Panda*
>> *Senior Network Testing and Software Engineer*
>> *3CLogic , ph:07827611765*
>>
>>
>> On Thu, Jun 13, 2019 at 6:50 PM Răzvan Crainea <razvan at opensips.org>
>> wrote:
>>
>>> Can you trace the SSL traffic between the two endpoints? Perhaps the SSL
>>> header give you a reason for not accepting the connection.
>>> Is this happening only for certain clients, or for everyone?
>>> Are you requiring any certificates validation?
>>>
>>> Best regards,
>>> Răzvan
>>>
>>> On 6/12/19 3:34 PM, Sasmita Panda wrote:
>>> > I am using opensips 2.2
>>> >   version: opensips 2.2.4 (x86_64/linux)
>>> >
>>> > I am using the proto_wss and tls_mgm module for establishing websocket
>>> > connection .
>>> >
>>> > I am getting bellow error again and again . Whats the reson behind
>>> this
>>> > and how can I solve this problem ?
>>> >
>>> >
>>> > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]:
>>> > INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
>>> > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]:
>>> > INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 96
>>> > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]:
>>> > ERROR:proto_wss:tls_accept: New TLS connection from
>>> 192.168.160.6:58616
>>> > <http://192.168.160.6:58616> failed to accept
>>> > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]:
>>> > ERROR:proto_wss:wss_read_req: cannot fix read connection
>>> > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]:
>>> > INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
>>> > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]:
>>> > INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 96
>>> > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]:
>>> > ERROR:proto_wss:tls_accept: New TLS connection from
>>> 192.168.175.59:12918
>>> > <http://192.168.175.59:12918> failed to accept
>>> > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]:
>>> > ERROR:proto_wss:wss_read_req: cannot fix read connection
>>> >
>>> >
>>> > Please do help .
>>> >
>>> >
>>> >
>>> > */Thanks & Regards/*
>>> > /Sasmita Panda/
>>> > /Senior Network Testing and Software Engineer/
>>> > /3CLogic , ph:07827611765/
>>> >
>>> > _______________________________________________
>>> > Users mailing list
>>> > Users at lists.opensips.org
>>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> >
>>>
>>> --
>>> Răzvan Crainea
>>> OpenSIPS Core Developer
>>>    http://www.opensips-solutions.com
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> *0333 332 0000  |  www.x-on.co.uk <http://www.x-on.co.uk>  |   **
> <https://www.linkedin.com/company/x-on>   <https://www.facebook.com/XonTel>
>   <https://twitter.com/xonuk> *
>
> X-on is a trading name of Storacall Technology Ltd a limited company
> registered in England and Wales.
> Registered Office : Avaland House, 110 London Road, Apsley, Hemel
> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
> The information in this e-mail is confidential and for use by the
> addressee(s) only. If you are not the intended recipient, please notify
> X-on immediately on +44(0)333 332 0000 and delete the
> message from your computer. If you are not a named addressee you must not
> use, disclose, disseminate, distribute, copy, print or reply to this email. Views
> or opinions expressed by an individual
> within this email may not necessarily reflect the views of X-on or its
> associated companies. Although X-on routinely screens for viruses,
> addressees should scan this email and any attachments
> for viruses. X-on makes no representation or warranty as to the absence of
> viruses in this email or any attachments.
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20190625/994ca2f1/attachment-0001.html>


More information about the Users mailing list