[OpenSIPS-Users] OpenSIPS as websocket client
Ihor Olkhovskyi
igorolhovskiy at gmail.com
Sun Nov 5 11:35:39 UTC 2023
Seems to be, default timeouts are too low.
By adding
modparam("proto_wss", "wss_handshake_timeout", 500)
modparam("proto_wss", "wss_tls_handshake_timeout", 500)
everything is working.
Le 02/11/2023 à 20:52, Ihor Olkhovskyi a écrit :
> Hello,
> I'm a bit new (to a recent versions) to OpenSIPS and trying it to act
> as a UDP - WebSocket proxy using it as an outbound proxy in SIP client
> (PJSUA, if it's important)
>
> Currently I'm using 3.4.2 version.
> Config is quite simple, not far from default one.
> ...
> socket=udp:0.0.0.0:6051 <http://0.0.0.0:6051>
> socket=wss:0.0.0.0:9443 <http://0.0.0.0:9443>
> ...
> loadmodule "proto_udp.so"
> loadmodule "proto_tls.so"
>
> # WebSocket part
> loadmodule "proto_wss.so"
>
> loadmodule "tls_openssl.so"
> loadmodule "tls_mgm.so"
>
> modparam("tls_mgm", "client_domain", "localhost")
> modparam("tls_mgm", "certificate",
> "[localhost]/etc/ssl/certs/ssl-cert-snakeoil.pem")
> modparam("tls_mgm", "private_key",
> "[localhost]/etc/ssl/private/ssl-cert-snakeoil.key")
> modparam("tls_mgm", "ca_list",
> "[localhost]/etc/ssl/certs/ca-certificates.crt")
> modparam("tls_mgm", "verify_cert", "[localhost]0")
> modparam("tls_mgm", "require_cert", "[localhost]0")
>
> ...
> route[relay] {
> if ($socket_in(proto) == "UDP") {
> $socket_out = "wss:0.0.0.0:9443 <http://0.0.0.0:9443>";
> } else {
> $socket_out = "udp:0.0.0.0:6051 <http://0.0.0.0:6051>";
> }
>
> if (!t_relay()) {
> send_reply(500, "Internal Error");
> }
> exit;
> }
>
> I'm using most generic self-signed certs and just started to make some
> experiments.
> But when I'm trying just forward SIP packets to remote server, I'm
> getting this in the logs
>
> DBG:core:parse_headers: flags=ffffffffffffffff
> DBG:proto_wss:proto_wss_send: no open tcp connection found, opening
> new one
> DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
> DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
> DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 4
> DBG:core:print_ip: tcpconn_new: new tcp connection to: <PBX_IP_ADDRESS>
> DBG:core:tcpconn_new: on port 8089, proto 6
> DBG:tls_mgm:tls_find_client_domain: found TLS client domain: localhost
> DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection
> DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
> ERROR:proto_wss:ws_client_handshake: cannot start handshake
> ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
> DBG:core:tcpconn_destroy: destroying connection 0x7f0efb106440, flags 0038
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> NOTICE:tls_openssl:verify_callback: depth = 2, verify success
> NOTICE:tls_openssl:verify_callback: depth = 1, verify success
> NOTICE:tls_openssl:verify_callback: depth = 0, verify success
> INFO:tls_openssl:openssl_tls_connect: New TLS connection to
> <PBX_IP_ADDRESS>:8089 established
> DBG:tls_openssl:openssl_tls_connect: new TLS connection to
> <PBX_IP_ADDRESS>:8089 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256
> DBG:tls_openssl:openssl_tls_connect: sending socket: 0.0.0.0:37697
> <http://0.0.0.0:37697>
> INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS
> certificate subject: /CN=*.pbx.company.domain, issuer:
> /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA
> Domain Validation Secure Server CA
> INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client
> certificate subject: /CN=localhost, issuer: /CN=localhost
> DBG:tls_openssl:openssl_tls_write: write was successful (6 bytes)
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> DBG:tls_openssl:openssl_tls_write: write was successful (2 bytes)
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> DBG:tls_openssl:openssl_tls_conn_shutdown: first phase of 2-way
> handshake completed succesfuly
> ERROR:proto_wss:proto_wss_send: connect failed
> ERROR:tm:msg_send: send() to <PBX_IP_ADDRESS>:8089 for proto wss/6 failed
> ERROR:tm:t_forward_nonack: sending request failed
> DBG:tm:t_relay_to: t_forward_nonack returned error
>
>
> Server that I'm making connections to is supporting TLS and WSS
> transports. If I'm changing socket type from WSS to TLS, all is
> working, so it's not a TLS certificate issue or something like this.
>
> I'm pretty sure, that I'm missing something obvious, but not really
> getting what.
>
> Would be appreciated for any hints.
> --
> Best regards,
> Ihor (Igor)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20231105/8a1c5a73/attachment.html>
More information about the Users
mailing list