<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Hello Sharad,<br>
<br>
As the problem is when making calls, could you check if:<br>
1) the call gets to opensips (from caller)<br>
2) what is the received RURI<br>
3) if call is correctly routed via USRLOC (I guess you make a
call between 2 users)<br>
4) print the RURI just before sending the call out (before the
t_relay)<br>
5) check the opensips log for errors.<br>
6) check the ongoing TCP conns from opensips (netstat -tlnp |
grep opensips)<br>
<br>
Maybe OpenSIPS cannot deliver the call to callee device as (1)
there is a mismatching between the registered contact (proto,
port, etc) and existing TLS connection or (2) the TLS connection
for callee already died.<br>
<br>
Best regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<br>
On 04/30/2013 09:29 AM, Sharad Pratap wrote:
<blockquote
cite="mid:CAPmWJJun0tyetwy9SM6UK8A-4jwwuXJB7_G060DZLt06wUNcvQ@mail.gmail.com"
type="cite">Hi All,<br>
<br>
I need to setup a SIP TLS Stateless Proxy Server using opensips<br>
<br>
In test setup I have two machines SL, SS and two soft phones PH1,
PH2<br>
<br>
SL: machine 172.16.8.79 is working as Stateless Proxy using
opensips<br>
<br>
SS: machine 172.16.8.24 is working main Sip Proxy server, which
is<br>
also working as Registrar using opensips<br>
<br>
Both phones are minisip_gtkgui soft phones<br>
both are running on SIP server machine 172.16.8.24<br>
and each have two users profiles,<br>
<br>
for udp udpproxytest1 , for tls tlsproxytest1 on Phone PH1<br>
<br>
for udp udpproxytest2 , for tls tlsproxytest2 on Phone PH2<br>
<br>
Phone PH1:<br>
Profile udpproxytest1<br>
SIP url is <a moz-do-not-send="true"
href="mailto:sip%3Audpproxytest1@172.16.8.24">sip:udpproxytest1@172.16.8.24</a><br>
username: udpproxytest1<br>
password: udpproxytest1<br>
Outbound proxy<br>
SIPProxy: 172.16.8.79<br>
Network Port: 5060<br>
Transport Method: UDP<br>
<br>
Profile tlsproxytest1<br>
SIP url is <a moz-do-not-send="true"
href="mailto:sips%3Atlsproxytest1@172.16.8.24">sips:tlsproxytest1@172.16.8.24</a><br>
username: tlsproxytest1<br>
password: tlsproxytest1<br>
Outbound proxy<br>
SIPProxy: 172.16.8.79<br>
Network Port: 5061<br>
Transport Method: TLS<br>
<br>
Phone PH2:<br>
Profile udpproxytest2<br>
SIP url is <a moz-do-not-send="true"
href="mailto:sip%3Audpproxytest2@172.16.8.24">sip:udpproxytest2@172.16.8.24</a><br>
username: udpproxytest2<br>
password: udpproxytest2<br>
Outbound proxy<br>
SIPProxy: 172.16.8.79<br>
Network Port: 5060<br>
Transport Method: UDP<br>
<br>
Profile tlsproxytest2<br>
SIP url is <a moz-do-not-send="true"
href="mailto:sips%3Atlsproxytest2@172.16.8.24">sips:tlsproxytest2@172.16.8.24</a><br>
username: tlsproxytest2<br>
password: tlsproxytest2<br>
Outbound proxy<br>
SIPProxy: 172.16.8.79<br>
Network Port: 5061<br>
Transport Method: TLS<br>
<br>
<br>
When I test with users who uses UDP transport<br>
I am able to successfully Register and Invite and make call.<br>
<br>
<br>
But in case of TLS only Registration get succeed, but Call<br>
failed with "Remote side Rejected call".<br>
<br>
NOTE:<br>
,----<br>
| Please note here is some problem with minisip phones that in
case of<br>
| TLS transport they register with Contact that have transport=tcp
that I<br>
| have to change manually using<br>
|<br>
| opensipsctl ul add<br>
| opensipsctl ul rm<br>
|<br>
| command keeping same ports that was registered earlier.<br>
`----<br>
<br>
I also noticed in case TLS call the port designated in Contact uri
in<br>
time of registration are not open (that may be the reason for
failed call)<br>
<br>
Anybody could please let me know when Stateless Proxy could<br>
successfully work in UDP than what problem causing failure of call
in<br>
TLS.<br>
<br>
I have included link to the logs for both UDP and TLS session.<br>
<br>
In all logs my comments are also there starting with DateTime and
Sharad:<br>
like<br>
26Apr2013-11:33:51 Sharad: Starting test on udp<br>
<br>
in comment I have informed when I am going to do a operation like<br>
register or call.<br>
<br>
For generating certificate I have followed<br>
<a moz-do-not-send="true"
href="http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html#AEN118">http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html#AEN118</a><br>
<br>
I have generated main server certificate with<br>
/usr/local/sbin/opensipsctl tls rootCA<br>
/usr/local/sbin/opensipsctl tls userCERT mainserver<br>
in sslmainserver-tls.tar dir<br>
<br>
I have generated stateless proxy server certificate with<br>
/usr/local/sbin/opensipsctl tls rootCA<br>
/usr/local/sbin/opensipsctl tls userCERT slproxy<br>
in sslslproxy-tls.tar dir<br>
<br>
Both generated certificate I have installed in both phones.<br>
<br>
Logs and Config Files are at<br>
<a moz-do-not-send="true"
href="https://drive.google.com/folderview?id=0B4zwpbVQ5V3gMHl2SlVBUjR6NEU&usp=sharing">https://drive.google.com/folderview?id=0B4zwpbVQ5V3gMHl2SlVBUjR6NEU&usp=sharing</a><br>
<br>
sipSLproxy-udp.log: UDP Stateless Proxy Log<br>
sipserver-udp.log: UDP Main SIP Proxy Log<br>
phone1-udp.log: UDP Phone1 Log<br>
phone2-udp.log: UDP Phone2 Log<br>
<br>
sipSLproxy-tls.log: TLS Stateless Proxy Log<br>
sipserver-tls.log: TLS Main SIP Proxy Log<br>
phone1-tls.log: TLS Phone1 Log<br>
phone2-tls.log: TLS Phone2 Log<br>
<br>
SIPSERVER-opensips.cfg: SIP Server opensips.cfg<br>
SIP-STATELESS-Proxy-opensips.cfg: SIP Stateless proxy opensips.cfg<br>
<br>
sslslproxy-tls.tar: etc/opensips/tls dir for Stateless Proxy<br>
also have used certificate<br>
sslmainserver-tls.tar: etc/opensips/tls dir for Main SIP Server<br>
also have used certificate<br>
--<br>
Regards,<br>
-sharad<br>
<br>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</body>
</html>