[OpenSIPS-Users] I need some help in websocket connection error .
Sasmita Panda
spanda at 3clogic.com
Thu Jun 27 02:02:50 EDT 2019
Hi,
SSL miss configuration in client side or in opensips side . I think I have
done the configuration right .
listen=wss:192.168.143.20:443
loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_method", "tlsv1_2")
modparam("tls_mgm", "verify_cert", "0")
modparam("tls_mgm", "require_cert", "0")
modparam("tls_mgm", "certificate",
"/usr/local/etc/opensips/tls/3ccloudwebrtc2019.crt")
modparam("tls_mgm", "private_key",
"/usr/local/etc/opensips/tls/3ccloud.key")
modparam("tls_mgm", "ca_list",
"/usr/local/etc/opensips/tls/rootCA/cacert.pem")
loadmodule "proto_wss.so"
modparam("proto_wss", "wss_port", 443)
This is for wss . Is there anything I am missing in configuration ?
*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*
On Wed, Jun 26, 2019 at 8:10 PM Răzvan Crainea <razvan at opensips.org> wrote:
> TBH, all I can see in the logs you sent is that a connection was
> terminated (without even being started), and a connection that was
> started, but closed by the client. So in order to understand what's
> happening, you need to understand why the client is closing the
> connection. Check logs, documentation, anything, but this doesn't seem
> to be related to OpenSIPS, it looks like some SSL misconfiguration.
>
> Best regards,
> Răzvan
>
> On 6/26/19 4:24 PM, Sasmita Panda wrote:
> > Is there any update on this issue . How I can solve this error message
> > from my opensips logs .
> >
> >
> > */Thanks & Regards/*
> > /Sasmita Panda/
> > /Senior Network Testing and Software Engineer/
> > /3CLogic , ph:07827611765/
> >
> >
> > On Tue, Jun 25, 2019 at 3:48 PM Sasmita Panda <spanda at 3clogic.com
> > <mailto:spanda at 3clogic.com>> wrote:
> >
> > I have tried to take ssldump in the webrtc server in run time .
> >
> > New TCP connection #19: 192.168.1.y(48530) <-> 192.168.0.x(443)
> > 19 0.0011 (0.0011) C>S TCP FIN
> > 19 0.0013 (0.0001) S>C TCP FIN
> >
> > New TCP connection #20: 192.168.0.y(52975) <-> 192.168.0.x(443)
> > 20 1 0.0006 (0.0006) C>S Handshake ClientHello
> > 20 2 0.0008 (0.0002) S>C Handshake ServerHello
> > 20 3 0.0008 (0.0000) S>C Handshake Certificate
> > 20 4 0.0008 (0.0000) S>C Handshake ServerHelloDone
> > 20 5 0.0020 (0.0011) C>S Handshake ClientKeyExchange
> > 20 6 0.0020 (0.0000) C>S ChangeCipherSpec
> > 20 7 0.0020 (0.0000) C>S Handshake
> > 20 8 0.0036 (0.0015) S>C Handshake20 9 0.0036 (0.0000) S>C
> > ChangeCipherSpec
> > 20 10 0.0036 (0.0000) S>C Handshake
> > 20 11 0.0042 (0.0006) C>S Alert
> > 20 0.0042 (0.0000) C>S TCP FIN
> > 20 0.0043 (0.0000) S>C TCP FIN
> >
> > The portion I marked in red whenever appear there is error in
> > opensips logs . For below portion the connection was accepted .
> >
> > I am not even getting any error in my browser side . How I will
> > debug this ? please help .
> >
> > */Thanks & Regards/*
> > /Sasmita Panda/
> > /Senior Network Testing and Software Engineer/
> > /3CLogic , ph:07827611765/
> >
> >
> > On Fri, Jun 14, 2019 at 2:51 PM Callum Guy <callum.guy at x-on.co.uk
> > <mailto:callum.guy at x-on.co.uk>> wrote:
> >
> > You might find that a tcpdump is the only way to get to grips
> > with the underlying issue.
> >
> > Having said that I wonder if there is any chance that the
> > connection isn't accepting simply due to a cipher
> > incompatibility. Are you setting a cipher list that you know
> > your clients accept? Maybe try:
> >
> > modparam("tls_mgm", "ciphers_list",
> >
> "AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,CAMELLIA128-SHA,RC4-SHA")
> >
> >
> > On Fri, 14 Jun 2019 at 09:17, Sasmita Panda <spanda at 3clogic.com
> > <mailto:spanda at 3clogic.com>> wrote:
> >
> > I had a dedicated server for 1 Client . When that client
> > faces the issue I started looking into the logs . And this
> > is what the error I got .
> >
> > but latter on when I saw other servers which is getting used
> > by different client in that logs also same error coming
> > everyday .
> >
> > As a conclusion its happening with everybody .
> >
> > Below is the configuration .
> >
> > modparam("tls_mgm", "tls_method", "tlsv1_2")
> > modparam("tls_mgm", "verify_cert", "0")
> > modparam("tls_mgm", "require_cert", "0")
> > modparam("tls_mgm", "certificate",
> > "/usr/etc/opensips/tls/3ccloudwebrtc2019.crt")
> > modparam("tls_mgm", "private_key",
> > "/usr/etc/opensips/tls/3ccloud.key")
> > modparam("tls_mgm", "ca_list",
> > "/usr/etc/opensips/tls/rootCA/cacert.pem")
> >
> >
> >
> > */Thanks & Regards/*
> > /Sasmita Panda/
> > /Senior Network Testing and Software Engineer/
> > /3CLogic , ph:07827611765/
> >
> >
> > On Thu, Jun 13, 2019 at 6:50 PM Răzvan Crainea
> > <razvan at opensips.org <mailto:razvan at opensips.org>> wrote:
> >
> > Can you trace the SSL traffic between the two endpoints?
> > Perhaps the SSL
> > header give you a reason for not accepting the
> connection.
> > Is this happening only for certain clients, or for
> everyone?
> > Are you requiring any certificates validation?
> >
> > Best regards,
> > Răzvan
> >
> > On 6/12/19 3:34 PM, Sasmita Panda wrote:
> > > I am using opensips 2.2
> > > version: opensips 2.2.4 (x86_64/linux)
> > >
> > > I am using the proto_wss and tls_mgm module for
> > establishing websocket
> > > connection .
> > >
> > > I am getting bellow error again and again . Whats the
> > reson behind this
> > > and how can I solve this problem ?
> > >
> > >
> > > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]:
> > > INFO:core:probe_max_sock_buff: using snd buffer of
> 416 kb
> > > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]:
> > > INFO:core:init_sock_keepalive: TCP keepalive enabled
> > on socket 96
> > > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]:
> > > ERROR:proto_wss:tls_accept: New TLS connection from
> > 192.168.160.6:58616 <http://192.168.160.6:58616>
> > > <http://192.168.160.6:58616> failed to accept
> > > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]:
> > > ERROR:proto_wss:wss_read_req: cannot fix read
> connection
> > > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]:
> > > INFO:core:probe_max_sock_buff: using snd buffer of
> 416 kb
> > > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]:
> > > INFO:core:init_sock_keepalive: TCP keepalive enabled
> > on socket 96
> > > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]:
> > > ERROR:proto_wss:tls_accept: New TLS connection from
> > 192.168.175.59:12918 <http://192.168.175.59:12918>
> > > <http://192.168.175.59:12918> failed to accept
> > > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]:
> > > ERROR:proto_wss:wss_read_req: cannot fix read
> connection
> > >
> > >
> > > Please do help .
> > >
> > >
> > >
> > > */Thanks & Regards/*
> > > /Sasmita Panda/
> > > /Senior Network Testing and Software Engineer/
> > > /3CLogic , ph:07827611765/
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at lists.opensips.org
> > <mailto:Users at lists.opensips.org>
> > >
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > >
> >
> > --
> > Răzvan Crainea
> > OpenSIPS Core Developer
> > http://www.opensips-solutions.com
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org <mailto:
> Users at lists.opensips.org>
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
> > *^0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> |
> > _**_^<https://www.linkedin.com/company/x-on>
> > <https://www.facebook.com/XonTel> <https://twitter.com/xonuk> *
> >
> > X-on is a trading name of Storacall Technology Ltd a limited
> > company registered in England and Wales.
> > Registered Office : Avaland House, 110 London Road, Apsley,
> > Hemel Hempstead, Herts, HP3 9SD. Company Registration No.
> 2578478.
> > The information in this e-mail is confidential and for use by
> > the addressee(s) only. If you are not the intended recipient,
> > please notify X-on immediately on +44(0)333 332 0000 and delete
> the
> > message from your computer. If you are not a named addressee you
> > must not use, disclose, disseminate, distribute, copy, print or
> > reply to this email. Views or opinions expressed by an individual
> > within this email may not necessarily reflect the views of X-on
> > or its associated companies. Although X-on routinely screens for
> > viruses, addressees should scan this email and any attachments
> > for viruses. X-on makes no representation or warranty as to the
> > absence of viruses in this email or any attachments.
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
> --
> Răzvan Crainea
> OpenSIPS Core Developer
> http://www.opensips-solutions.com
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20190627/e72709b8/attachment-0001.html>
More information about the Users
mailing list