[OpenSIPS-Users] OpenSIPS as websocket client

Ihor Olkhovskyi igorolhovskiy at gmail.com
Thu Nov 2 19:52:53 UTC 2023 

Hello,
I'm a bit new (to a recent versions) to OpenSIPS and trying it to act as a
UDP - WebSocket proxy using it as an outbound proxy in SIP client (PJSUA,
if it's important)

Currently I'm using 3.4.2 version.
Config is quite simple, not far from default one.
...
socket=udp:0.0.0.0:6051
socket=wss:0.0.0.0:9443
...
loadmodule "proto_udp.so"
loadmodule "proto_tls.so"

# WebSocket part
loadmodule "proto_wss.so"

loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"

modparam("tls_mgm", "client_domain", "localhost")
modparam("tls_mgm", "certificate",
"[localhost]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key",
"[localhost]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list",
"[localhost]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[localhost]0")
modparam("tls_mgm", "require_cert", "[localhost]0")

...
route[relay] {
    if ($socket_in(proto) == "UDP") {
        $socket_out = "wss:0.0.0.0:9443";
    } else {
        $socket_out = "udp:0.0.0.0:6051";
    }

    if (!t_relay()) {
        send_reply(500, "Internal Error");
    }
    exit;
}

I'm using most generic self-signed certs and just started to make some
experiments.
But when I'm trying just forward SIP packets to remote server, I'm getting
this in the logs

DBG:core:parse_headers: flags=ffffffffffffffff
DBG:proto_wss:proto_wss_send: no open tcp connection found, opening new one
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 4
DBG:core:print_ip: tcpconn_new: new tcp connection to: <PBX_IP_ADDRESS>
DBG:core:tcpconn_new: on port 8089, proto 6
DBG:tls_mgm:tls_find_client_domain: found TLS client domain: localhost
DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection
DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
ERROR:proto_wss:ws_client_handshake: cannot start handshake
ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
DBG:core:tcpconn_destroy: destroying connection 0x7f0efb106440, flags 0038
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
NOTICE:tls_openssl:verify_callback: depth = 2, verify success
NOTICE:tls_openssl:verify_callback: depth = 1, verify success
NOTICE:tls_openssl:verify_callback: depth = 0, verify success
INFO:tls_openssl:openssl_tls_connect: New TLS connection to
<PBX_IP_ADDRESS>:8089 established
DBG:tls_openssl:openssl_tls_connect: new TLS connection to
<PBX_IP_ADDRESS>:8089 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256
DBG:tls_openssl:openssl_tls_connect: sending socket: 0.0.0.0:37697
INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS certificate
subject: /CN=*.pbx.company.domain, issuer: /C=GB/ST=Greater
Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation
Secure Server CA
INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client
certificate subject: /CN=localhost, issuer: /CN=localhost
DBG:tls_openssl:openssl_tls_write: write was successful (6 bytes)
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
DBG:tls_openssl:openssl_tls_write: write was successful (2 bytes)
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
DBG:tls_openssl:openssl_tls_conn_shutdown: first phase of 2-way handshake
completed succesfuly
ERROR:proto_wss:proto_wss_send: connect failed
ERROR:tm:msg_send: send() to <PBX_IP_ADDRESS>:8089 for proto wss/6 failed
ERROR:tm:t_forward_nonack: sending request failed
DBG:tm:t_relay_to: t_forward_nonack returned error


Server that I'm making connections to is supporting TLS and WSS transports.
If I'm changing socket type from WSS to TLS, all is working, so it's not a
TLS certificate issue or something like this.

I'm pretty sure, that I'm missing something obvious, but not really getting
what.

Would be appreciated for any hints.
-- 
Best regards,
Ihor (Igor)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20231102/7cf94302/attachment.html>

More information about the Users mailing list