[OpenSIPS-Users] MS team issue

Miha miha at softnet.si
Mon May 10 06:54:11 EST 2021 

Hello

I have used letsenrypt for generating certs for Opensips.

Regarding configuration i have fallowed your configuration steps on 
OpenSips blog.

socket=udp:xxx.xxx.xxx.xxx:5060   # CUSTOMIZE ME
socket=tls:xxx.xxx.xxx.xxx:5061




### Proto TLS
loadmodule "proto_tls.so"
modparam("proto_tls", "tls_handshake_timeout", 300)
#### TLS module
loadmodule "tls_mgm.so"
#modparam("tls_mgm", "db_url", "mysql://root:xxxx@localhost/opensips")
modparam("tls_mgm", "client_sip_domain_avp", "mtsbcs.test.com")
modparam("tls_mgm", "server_domain", "mt")
#modparam("tls_mgm", "match_ip_address", "[mt]xxx.xxx.xxx.xxx:5061")
#modparam("tls_mgm", "match_sip_domain", "[mt]mtsbcs.test.com")
modparam("tls_mgm", "certificate", 
"[mt]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
modparam("tls_mgm", "private_key", 
"[mt]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[mt]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")
modparam("tls_mgm","verify_cert", "[mt]1")
modparam("tls_mgm","require_cert", "[mt]1")
modparam("tls_mgm","tls_method", "[mt]TLSv1_2")
modparam("proto_tls", "tls_max_msg_chunks", 8)
#modparam("tls_mgm", "tls_handshake_timeout", 300)

         if(is_method("OPTIONS") && is_domain_local("$rd") && 
check_source_address(0)) {
                 xlog("L_INFO", "[MS TEAMS] OPTIONS In");
                 send_reply(200, "OK");
                 exit;
         }


local_route {
   $var(dst) = "pstnhub.microsoft.com";
   xlog("L_INFO","promding TEST");
   xlog("TESTING");
   if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)}) != NULL))
     append_hf("Contact: <sip:mtsbcs.test.com:5061;transport=tls>\r\n");
     xlog("L_INFO", "SEDING OPTIONS TO SBC");
}


I thnk that the main issue is that OPENSIPS does not send encrypted 
OPTION to MS teams.

Logs:

May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: 
next_hop=<sip:sip.pstnhub.microsoft.com>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS lookup...
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no port, 
has proto -> do SRV lookup!
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: resolving 
[sip.pstnhub.microsoft.com]
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: 
SRV(_sips._tcp.sip.pstnhub.microsoft.com) = sip.pstnhub.microsoft.com:5061
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing 
sip2.pstnhub.microsoft.com:5061
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing 
sip3.pstnhub.microsoft.com:5061
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket is 
212.13.249.132
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri: 
sip:sip.pstnhub.microsoft.com
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: building 
sip_msg from buffer
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP Request:
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: method:  <OPTIONS>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: uri:     
<sip:sip.pstnhub.microsoft.com>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: version: <SIP/2.0>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: 
flags=ffffffffffffffff
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param: found 
param type 232, <branch> = <z9hG4bK8d8a.3706b135.0>; state=16
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of header 
reached, state=5
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via found, 
flags=ffffffffffffffff
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this is 
the first via
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of header 
reached, state=9
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: display={}, 
ruri={sip:sip.pstnhub.microsoft.com}
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: <To> [31]; 
uri=[sip:sip.pstnhub.microsoft.com]
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to body 
[sip:sip.pstnhub.microsoft.com#015#012]
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq 
<CSeq>: <14> <OPTIONS>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: 
content_length=0
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: found end 
of header
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: 
flags=ffffffffffffffff
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=78
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: 
flags=ffffffffffffffff
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: Change in 
local route -> rebuilding buffer
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: 
flags=ffffffffffffffff
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: flags = 15
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 2 
extracted as <To: sip:sip.pstnhub.microsoft.com#015#012>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 1 
extracted as <From: 
<sip:prober at localhost>;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012>
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 8 
extracted as <Call-ID: 12e30be047c27077-1020 at 212.13.249.132#015#012>
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no 
open tcp connection found, opening new one
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: 
getsockopt: snd is initially 16384
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: 
using snd buffer of 416 kb
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP 
keepalive enabled on socket 5
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: 
new tcp connection to: 52.114.75.24
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 
5061, proto 3
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: 
Creating a whole new ssl connection
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: 
destroying connection 0x7f45d7e08078, flags 0018
May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [0]: 
0x7f45d7e066b0 (1625)
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer 
routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: 
Cancel sent out, sending 408 (0x7f45d7e06460)
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response: 
T_code=0, new_code=408
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked 
branch 0, code 408 (prio=800)
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure: 
dns-failover test: branch=0, last_recv=408, flags=0
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response: 
trying DNS-based failover
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new 
destination available
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
May 10 08:53:15 mtsbc opensips[1020]: 
DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv proto=3
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: 
flags=ffffffffffffffff
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no 
open tcp connection found, opening new one
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: 
getsockopt: snd is initially 16384
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: 
using snd buffer of 416 kb
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP 
keepalive enabled on socket 5
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: 
new tcp connection to: 52.114.132.46
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 
5061, proto 3
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: 
Creating a whole new ssl connection
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: 
destroying connection 0x7f45d7e08078, flags 0018
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no 
open tcp connection found, opening new one
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: 
getsockopt: snd is initially 16384
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff: 
using snd buffer of 416 kb
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP 
keepalive enabled on socket 5
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: 
new tcp connection to: 52.114.14.70
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 
5061, proto 3
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: 
Creating a whole new ssl connection
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: 
destroying connection 0x7f45d7e08078, flags 0018
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: branch=0, 
save=0, winner=0
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local 
transaction completed
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks: 
trans=0x7f45d7e06460, callback type 256, id 0 entered
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [2]: 
0x7f45d7e064e0 (1630)
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: done



Thank you
miha

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20210510/970035f6/attachment.html>

More information about the Users mailing list