[OpenSIPS-Users] MS team issue
Răzvan Crainea
razvan at opensips.org
Mon May 10 07:39:39 EST 2021
Hi, Miha!
According to your logs, opensips is 100% sending the OPTIONS through
tls, but I am not sure it is using the right certificate.
You can try to set up sip trace and see the communication between
opensips and MSTeams.
Best regards,
Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 5/10/21 9:54 AM, Miha via Users wrote:
> Hello
>
> I have used letsencrypt for generating certs for Opensips.
>
> Regarding configuration I have followed your configuration steps on
> OpenSips blog.
>
> socket=udp:xxx.xxx.xxx.xxx:5060 # CUSTOMIZE ME
> socket=tls:xxx.xxx.xxx.xxx:5061
>
> ### Proto TLS
> loadmodule "proto_tls.so"
> modparam("proto_tls", "tls_handshake_timeout", 300)
> #### TLS module
> loadmodule "tls_mgm.so"
> #modparam("tls_mgm", "db_url", "mysql://root:xxxx@localhost/opensips")
> modparam("tls_mgm", "client_sip_domain_avp", "mtsbcs.test.com")
> modparam("tls_mgm", "server_domain", "mt")
> #modparam("tls_mgm", "match_ip_address", "[mt]xxx.xxx.xxx.xxx:5061")
> #modparam("tls_mgm", "match_sip_domain", "[mt]mtsbcs.test.com")
> modparam("tls_mgm", "certificate", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/cert.pem")
> modparam("tls_mgm", "private_key", "[mt]/etc/letsencrypt/live/mtsbcs.test.com/privkey.pem")
> modparam("tls_mgm", "ca_list", "[mt]/etc/ssl/certs/ca-certificates.crt")
> modparam("tls_mgm", "ca_dir", "[mt]/etc/ssl/certs/")
> modparam("tls_mgm","verify_cert", "[mt]1")
> modparam("tls_mgm","require_cert", "[mt]1")
> modparam("tls_mgm","tls_method", "[mt]TLSv1_2")
> modparam("proto_tls", "tls_max_msg_chunks", 8)
> #modparam("tls_mgm", "tls_handshake_timeout", 300)
>
> if(is_method("OPTIONS") && is_domain_local("$rd") &&
>         check_source_address(0)) {
>     xlog("L_INFO", "[MS TEAMS] OPTIONS In");
>     send_reply(200, "OK");
>     exit;
> }
>
>
> local_route {
>     $var(dst) = "pstnhub.microsoft.com";
>     xlog("L_INFO","promding TEST");
>     xlog("TESTING");
>     if (is_method("OPTIONS") && ($(ru{s.index, $var(dst)}) != NULL))
>         append_hf("Contact: <sip:mtsbcs.test.com:5061;transport=tls>\r\n");
>     xlog("L_INFO", "SEDING OPTIONS TO SBC");
> }
>
>
> I think that the main issue is that OPENSIPS does not send encrypted
> OPTION to MS teams.
>
> Logs:
>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac:
> next_hop=<sip:sip.pstnhub.microsoft.com>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:mk_proxy: doing DNS lookup...
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:sip_resolvehost: no port,
> has proto -> do SRV lookup!
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup: resolving
> [sip.pstnhub.microsoft.com]
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:do_srv_lookup:
> SRV(_sips._tcp.sip.pstnhub.microsoft.com) = sip.pstnhub.microsoft.com:5061
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
> sip2.pstnhub.microsoft.com:5061
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:a2dns_node: storing
> sip3.pstnhub.microsoft.com:5061
> May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:t_uac: sending socket is
> 212.13.249.132
> May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:print_request_uri:
> sip:sip.pstnhub.microsoft.com
> May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: building
> sip_msg from buffer
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: SIP Request:
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: method: <OPTIONS>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: uri:
> <sip:sip.pstnhub.microsoft.com>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_msg: version: <SIP/2.0>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> flags=ffffffffffffffff
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via_param: found
> param type 232, <branch> = <z9hG4bK8d8a.3706b135.0>; state=16
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_via: end of header
> reached, state=5
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: via found,
> flags=ffffffffffffffff
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: this is
> the first via
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: end of header
> reached, state=9
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:_parse_to: display={},
> ruri={sip:sip.pstnhub.microsoft.com}
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: <To> [31];
> uri=[sip:sip.pstnhub.microsoft.com]
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: to body
> [sip:sip.pstnhub.microsoft.com#015#012]
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: cseq
> <CSeq>: <14> <OPTIONS>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field:
> content_length=0
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:get_hdr_field: found end
> of header
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> flags=ffffffffffffffff
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=78
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> flags=ffffffffffffffff
> May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:run_local_route: Change in
> local route -> rebuilding buffer
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:parse_headers:
> flags=ffffffffffffffff
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: flags = 15
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 2
> extracted as <To: sip:sip.pstnhub.microsoft.com#015#012>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 1
> extracted as <From:
> <sip:prober@localhost>;tag=a665d66adab06c7308a33b8567de92d6-f627#015#012>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:extract_ftc_hdrs: hdr 8
> extracted as <Call-ID: 12e30be047c27077-1020@212.13.249.132#015#012>
> May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
> open tcp connection found, opening new one
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> getsockopt: snd is initially 16384
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> using snd buffer of 416 kb
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
> keepalive enabled on socket 5
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
> new tcp connection to: 52.114.75.24
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
> 5061, proto 3
> May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
> Creating a whole new ssl connection
> May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
> destroying connection 0x7f45d7e08078, flags 0018
> May 10 08:53:10 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [0]:
> 0x7f45d7e066b0 (1625)
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:timer_routine: timer
> routine:0,tl=0x7f45d7e066b0 next=(nil), timeout=1625
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler:
> Cancel sent out, sending 408 (0x7f45d7e06460)
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response:
> T_code=0, new_code=408
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_pick_branch: picked
> branch 0, code 408 (prio=800)
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:is_3263_failure:
> dns-failover test: branch=0, last_recv=408, flags=0
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:t_should_relay_response:
> trying DNS-based failover
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:do_dns_failover: new
> destination available
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers: flags=2000
> May 10 08:53:15 mtsbc opensips[1020]:
> DBG:core:build_req_buf_from_sip_req: id added: <;i=0>, rcv proto=3
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:parse_headers:
> flags=ffffffffffffffff
> May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
> open tcp connection found, opening new one
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> getsockopt: snd is initially 16384
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> using snd buffer of 416 kb
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
> keepalive enabled on socket 5
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
> new tcp connection to: 52.114.132.46
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
> 5061, proto 3
> May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
> Creating a whole new ssl connection
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
> destroying connection 0x7f45d7e08078, flags 0018
> May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no
> open tcp connection found, opening new one
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> getsockopt: snd is initially 16384
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:probe_max_sock_buff:
> using snd buffer of 416 kb
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:init_sock_keepalive: TCP
> keepalive enabled on socket 5
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new:
> new tcp connection to: 52.114.14.70
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port
> 5061, proto 3
> May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init:
> Creating a whole new ssl connection
> May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy:
> destroying connection 0x7f45d7e08078, flags 0018
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: branch=0,
> save=0, winner=0
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:local_reply: local
> transaction completed
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:run_trans_callbacks:
> trans=0x7f45d7e06460, callback type 256, id 0 entered
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:insert_timer_unsafe: [2]:
> 0x7f45d7e064e0 (1630)
> May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: done
>
>
>
> Thank you
> miha
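Added example (not part of the original thread, and not OpenSIPS code): a small Python reader for the debug log quoted above that groups each outbound `proto_tls` send into one attempt and records destination, port, protocol number, whether the SSL object was created, and when the connection was destroyed. The name `tls_attempts` and the dict fields are made up for this example; the sample lines are copied from the message with the mail wrapping undone.

```python
import re
# Lines copied from the debug log quoted above, with the mail wrapping undone.
SAMPLE = """\
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.75.24
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:10 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
May 10 08:53:10 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
May 10 08:53:15 mtsbc opensips[1020]: DBG:tm:final_response_handler: Cancel sent out, sending 408 (0x7f45d7e06460)
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 52.114.132.46
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_new: on port 5061, proto 3
May 10 08:53:15 mtsbc opensips[1020]: DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
May 10 08:53:15 mtsbc opensips[1020]: DBG:core:tcpconn_destroy: destroying connection 0x7f45d7e08078, flags 0018
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ opensips\[(\d+)\]: DBG:(\w+):(\w+): (.*)$")

def tls_attempts(log_text):
    """Return (attempts, timeouts); one dict per outbound proto_tls send."""
    attempts, open_by_pid, timeouts = [], {}, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an OpenSIPS DBG line
        ts, pid, module, func, msg = m.groups()
        cur = open_by_pid.get(pid)
        if module == "proto_tls" and func == "proto_tls_send":
            cur = open_by_pid[pid] = dict(start=ts, ip=None, port=None, proto=None, ssl_init=False, destroyed=None)
            attempts.append(cur)
        elif "sending 408" in msg:
            timeouts += 1  # tm generated a local 408 for the transaction
        elif cur is None:
            continue  # line does not belong to an open attempt
        elif func == "print_ip" and "new tcp connection to:" in msg:
            cur["ip"] = msg.rsplit(": ", 1)[1]
        elif func == "tcpconn_new":
            hit = re.search(r"port (\d+), proto (\d+)", msg)
            if hit:
                cur["port"], cur["proto"] = int(hit[1]), int(hit[2])
        elif func == "tls_conn_init":
            cur["ssl_init"] = True  # SSL object created for this connection
        elif func == "tcpconn_destroy":
            cur["destroyed"] = ts  # same timestamp as start => torn down at once
            del open_by_pid[pid]
    return attempts, timeouts

if __name__ == "__main__":
    print(*tls_attempts(SAMPLE), sep="\n")
```

On the excerpt, both attempts go out through `proto_tls` to port 5061 and are destroyed in the same second they were opened, which matches the reply: the transport is TLS, and the part to inspect next is the handshake and the certificate used in it.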