[OpenSIPS-Users] OpenSIPS as websocket client

Ihor Olkhovskyi igorolhovskiy at gmail.com
Sun Nov 5 11:35:39 UTC 2023 

Seems to be, default timeouts are too low.

By adding

modparam("proto_wss", "wss_handshake_timeout", 500)
modparam("proto_wss", "wss_tls_handshake_timeout", 500)

everything is working.

Le 02/11/2023 à 20:52, Ihor Olkhovskyi a écrit :
> Hello,
> I'm a bit new (to a recent versions) to OpenSIPS and trying it to act 
> as a UDP - WebSocket proxy using it as an outbound proxy in SIP client 
> (PJSUA, if it's important)
>
> Currently I'm using 3.4.2 version.
> Config is quite simple, not far from default one.
> ...
> socket=udp:0.0.0.0:6051 <http://0.0.0.0:6051>
> socket=wss:0.0.0.0:9443 <http://0.0.0.0:9443>
> ...
> loadmodule "proto_udp.so"
> loadmodule "proto_tls.so"
>
> # WebSocket part
> loadmodule "proto_wss.so"
>
> loadmodule "tls_openssl.so"
> loadmodule "tls_mgm.so"
>
> modparam("tls_mgm", "client_domain", "localhost")
> modparam("tls_mgm", "certificate", 
> "[localhost]/etc/ssl/certs/ssl-cert-snakeoil.pem")
> modparam("tls_mgm", "private_key", 
> "[localhost]/etc/ssl/private/ssl-cert-snakeoil.key")
> modparam("tls_mgm", "ca_list", 
> "[localhost]/etc/ssl/certs/ca-certificates.crt")
> modparam("tls_mgm", "verify_cert", "[localhost]0")
> modparam("tls_mgm", "require_cert", "[localhost]0")
>
> ...
> route[relay] {
>     if ($socket_in(proto) == "UDP") {
>         $socket_out = "wss:0.0.0.0:9443 <http://0.0.0.0:9443>";
>     } else {
>         $socket_out = "udp:0.0.0.0:6051 <http://0.0.0.0:6051>";
>     }
>
>     if (!t_relay()) {
>         send_reply(500, "Internal Error");
>     }
>     exit;
> }
>
> I'm using most generic self-signed certs and just started to make some 
> experiments.
> But when I'm trying just forward SIP packets to remote server, I'm 
> getting this in the logs
>
> DBG:core:parse_headers: flags=ffffffffffffffff
> DBG:proto_wss:proto_wss_send: no open tcp connection found, opening 
> new one
> DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
> DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
> DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 4
> DBG:core:print_ip: tcpconn_new: new tcp connection to: <PBX_IP_ADDRESS>
> DBG:core:tcpconn_new: on port 8089, proto 6
> DBG:tls_mgm:tls_find_client_domain: found TLS client domain: localhost
> DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection
> DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
> ERROR:proto_wss:ws_client_handshake: cannot start handshake
> ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
> DBG:core:tcpconn_destroy: destroying connection 0x7f0efb106440, flags 0038
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> NOTICE:tls_openssl:verify_callback: depth = 2, verify success
> NOTICE:tls_openssl:verify_callback: depth = 1, verify success
> NOTICE:tls_openssl:verify_callback: depth = 0, verify success
> INFO:tls_openssl:openssl_tls_connect: New TLS connection to 
> <PBX_IP_ADDRESS>:8089 established
> DBG:tls_openssl:openssl_tls_connect: new TLS connection to 
> <PBX_IP_ADDRESS>:8089 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256
> DBG:tls_openssl:openssl_tls_connect: sending socket: 0.0.0.0:37697 
> <http://0.0.0.0:37697>
> INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS 
> certificate subject: /CN=*.pbx.company.domain, issuer: 
> /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA 
> Domain Validation Secure Server CA
> INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client 
> certificate subject: /CN=localhost, issuer: /CN=localhost
> DBG:tls_openssl:openssl_tls_write: write was successful (6 bytes)
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> DBG:tls_openssl:openssl_tls_write: write was successful (2 bytes)
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> DBG:tls_openssl:openssl_tls_conn_shutdown: first phase of 2-way 
> handshake completed succesfuly
> ERROR:proto_wss:proto_wss_send: connect failed
> ERROR:tm:msg_send: send() to <PBX_IP_ADDRESS>:8089 for proto wss/6 failed
> ERROR:tm:t_forward_nonack: sending request failed
> DBG:tm:t_relay_to: t_forward_nonack returned error
>
>
> Server that I'm making connections to is supporting TLS and WSS 
> transports. If I'm changing socket type from WSS to TLS, all is 
> working, so it's not a TLS certificate issue or something like this.
>
> I'm pretty sure, that I'm missing something obvious, but not really 
> getting what.
>
> Would be appreciated for any hints.
> -- 
> Best regards,
> Ihor (Igor)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20231105/8a1c5a73/attachment.html>

More information about the Users mailing list