<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Hi Hamid,<br>
<br>
As the ERROR says, the SIP packet came into OpenSIPS in more than
4 chunks, making opensips to close the TCP connection (this is an
action against potential TCP connect based attacks). For more see
:<br>
<a class="moz-txt-link-freetext" href="http://www.opensips.org/Documentation/Script-CoreParameters-1-11#toc96">http://www.opensips.org/Documentation/Script-CoreParameters-1-11#toc96</a><br>
<br>
(tcp_max_msg_chunks global param)<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 16.02.2016 15:28, Hamid Hashmi
wrote:<br>
</div>
<blockquote cite="mid:BLU182-W83E0632A9A82FF9B03A1D5E0AD0@phx.gbl"
type="cite">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr"><font color="#2672EC">Now I am facing following
ERROR. What can be the reason ?</font>
<div><br>
</div>
<div>
<pre style="box-sizing: border-box; overflow: auto; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 11.9px; font-stretch: normal; line-height: 1.45; padding: 16px; border-radius: 3px; word-wrap: normal; color: rgb(51, 51, 51); margin-top: 0px !important; margin-bottom: 0px !important; background-color: rgb(247, 247, 247);"><code style="box-sizing: border-box; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 11.9px; padding: 0px; margin: 0px; border-radius: 3px; word-break: normal; border: 0px; display: inline; max-width: initial; overflow: initial; line-height: inherit; word-wrap: normal; background: transparent;">Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 2
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 0
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: <a class="moz-txt-link-freetext" href="INFO:proto_tls:tls_accept">INFO:proto_tls:tls_accept</a>: New TLS connection from 103.255.5.39:64219 accepted
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: <a class="moz-txt-link-freetext" href="INFO:proto_tls:tls_dump_cert_info">INFO:proto_tls:tls_dump_cert_info</a>: tls_accept: client TLS certificate subject: *******
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: <a class="moz-txt-link-freetext" href="INFO:proto_tls:tls_dump_cert_info">INFO:proto_tls:tls_dump_cert_info</a>: tls_accept: local TLS server certificate subject: *******
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: ERROR:proto_tls:tcp_handle_req: Made 4 read attempts but message is not complete yet - closing connection </code></pre>
</div>
<div><br>
</div>
<div><b><font face="Times New Roman" color="#5133ab" size="3"><i>Hamid
R. Hashmi</i></font></b>
<div><font size="2">Software Engineer - VoIP</font></div>
<div><font style="font-size:10pt;" color="#008a17" size="2">Vopium
A/S</font></div>
<br>
<br>
<div>
<hr id="stopSpelling">Date: Fri, 12 Feb 2016 08:03:44 +0000<br>
Subject: Re: [OpenSIPS-Users] How to TLS ?<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:nabeelshikder@gmail.com">nabeelshikder@gmail.com</a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:users@lists.opensips.org">users@lists.opensips.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:hamid2kviii@hotmail.com">hamid2kviii@hotmail.com</a><br>
<br>
<p dir="ltr">Hi, </p>
<p dir="ltr">That option is only required if you want to
enable "Mutual (two-way) client authentication' and is not
normally necessary when using TLS. Most of these clients
don't seem to support two way authentication. You can have
this option disabled:<br>
modparam("proto_tls","require_cert", "0"). </p>
<p dir="ltr">477 error in my experience is usually a
temporary connection error related to TLS, but not
directly related to configuration. </p>
<p dir="ltr">Nabeel</p>
<div class="ecxgmail_quote">On 12 Feb 2016 6:45 am, "Hamid
Hashmi" <<a moz-do-not-send="true"
href="mailto:hamid2kviii@hotmail.com">hamid2kviii@hotmail.com</a>>
wrote:<br>
<blockquote class="ecxgmail_quote" style="border-left:1px
#ccc solid;padding-left:1ex;">
<div>
<div dir="ltr"><font color="#2672EC">Nabeel</font>
<div><font color="#2672EC"><br>
</font></div>
<div><font color="#2672EC">I dont know how to
present a certificate from client. I have tried
using Xoiper (Android - Free), SFLphone (Ubuntu)
and CsipSimple (Android) but there was no
options set a public key. </font></div>
<div><font color="#2672EC"><br>
</font></div>
<div><font color="#2672EC">Now I am using CA signed
certificates in opensips with disabled flags of
verify_cert and require_cert, having an error
of </font><span style="font-family:'Times New
Roman';font-size:12pt;"><b>477 Send failed
(477/TM). </b></span></div>
<div><br>
<b><font face="Times New Roman" color="#5133ab"
size="3"><i>Hamid R. Hashmi</i></font></b>
<div><font size="2">Software Engineer - VoIP</font></div>
<div><font style="font-size:10pt;" color="#008a17"
size="2">Vopium A/S</font></div>
<br>
<br>
<div>
<hr>Date: Tue, 9 Feb 2016 08:48:41 +0000<br>
From: <a moz-do-not-send="true"
href="mailto:nabeelshikder@gmail.com"
target="_blank">nabeelshikder@gmail.com</a><br>
To: <a moz-do-not-send="true"
href="mailto:users@lists.opensips.org"
target="_blank">users@lists.opensips.org</a><br>
Subject: Re: [OpenSIPS-Users] How to TLS ?<br>
<br>
<p dir="ltr">Hi, </p>
<p dir="ltr">Does the client present a client
certificate? If not, then with
modparam("proto_tls","require_cert", "1"),
OpenSIPS misleadingly logs:<br>
'failed to accept: rejected by client'. What
it actually means is that the client failed to
present a certificate. </p>
<div>On 9 Feb 2016 6:06 am, "Hamid Hashmi" <<a
moz-do-not-send="true"
href="mailto:hamid2kviii@hotmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:hamid2kviii@hotmail.com">hamid2kviii@hotmail.com</a></a>>
wrote:<br>
<blockquote style="border-left:1px #ccc
solid;padding-left:1ex;">
<div>
<div dir="ltr"><font color="#2672EC">It
will be a great help if you please
help me in configuring TLS. I have
followed <a moz-do-not-send="true"
href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1"
target="_blank">this</a> to
configure TLS but could not able to
verify certificates.</font>
<div><font color="#2672EC"><br>
</font></div>
<div><font color="#2672EC">its working
if disable following flags</font></div>
<div><font color="#2672EC"><br>
</font></div>
<div><font face="Courier New,
sans-serif">modparam("proto_tls","verify_cert",
"0")</font></div>
<div><font face="Courier New,
sans-serif">modparam("proto_tls","require_cert",
"0")</font></div>
<div><font color="#2672EC"><br>
</font></div>
<div><font color="#2672EC">BUT
not verifying certificates. Please
see <a moz-do-not-send="true"
href="http://pastebin.com/qmXZjSy2"
target="_blank">logs</a> if
enabled</font></div>
<div><font color="#2672EC"><br>
</font></div>
<div><font face="Courier New,
sans-serif">modparam("proto_tls","verify_cert",
"1")</font></div>
<div><font face="Courier New,
sans-serif">modparam("proto_tls","require_cert",
"1")</font></div>
<div><font color="#2672EC"><br>
</font></div>
<div><font color="#2672EC">then have
following ERROR</font></div>
<div><font color="#2672EC"><br>
</font></div>
<pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:11.9px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247);"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:11.9px;padding:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent;">Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]: [<a moz-do-not-send="true" href="http://192.168.26.181:8000" target="_blank">udp:keepalive@192.168.26.181:8000</a>]: Receive request OPTIONS from local server [192.168.26.181]
Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_accept: New TLS connection from <a moz-do-not-send="true" href="http://115.186.93.1:47015" target="_blank">115.186.93.1:47015</a> failed to accept: rejected by client
Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: [<a moz-do-not-send="true" href="http://192.168.26.180:6080" target="_blank">tcp:siplb@192.168.26.180:6080</a>]: In LOCAL Route sending OPTIONS to 192.168.26.181
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: <a class="moz-txt-link-freetext" href="INFO:core:probe_max_sock_buff">INFO:core:probe_max_sock_buff</a>: using snd buffer of 244 kb
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: <a class="moz-txt-link-freetext" href="INFO:core:init_sock_keepalive">INFO:core:init_sock_keepalive</a>: TCP keepalive enabled on socket 17 </code><span style="color:rgb(38,114,236);font-family:Calibri,sans-serif;font-size:12pt;"> </span></pre>
<div>Regards<br>
<b><font face="Times New Roman"
color="#5133ab" size="3"><i>Hamid
R. Hashmi</i></font></b>
<div><br>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opensips.org"
target="_blank">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
_______________________________________________
Users mailing list
<a moz-do-not-send="true"
href="mailto:Users@lists.opensips.org"
target="_blank">Users@lists.opensips.org</a>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>