<div dir="ltr"><div>Hello,</div><div>I'm a bit new to OpenSIPS (to the recent versions) and am trying to have it act as a UDP-to-WebSocket proxy, using it as an outbound proxy in a SIP client (PJSUA, if it's important)<br></div><div><br></div><div>Currently I'm using version 3.4.2.<br></div><div>The config is quite simple, not far from the default one.<br></div><div><span style="font-family:verdana,sans-serif">...<br></span></div><div><span style="font-family:verdana,sans-serif">socket=udp:0.0.0.0:6051<br>socket=wss:0.0.0.0:9443</span></div><div><span class="gmail_signature_prefix" style="font-family:verdana,sans-serif">...<br></span></div><div><span style="font-family:verdana,sans-serif">loadmodule "proto_udp.so"<br>loadmodule "proto_tls.so"<br><br># WebSocket part<br>loadmodule "proto_wss.so"<br><br>loadmodule "tls_openssl.so"<br>loadmodule "tls_mgm.so"<br><br>modparam("tls_mgm", "client_domain", "localhost")<br>modparam("tls_mgm", "certificate", "[localhost]/etc/ssl/certs/ssl-cert-snakeoil.pem")<br>modparam("tls_mgm", "private_key", "[localhost]/etc/ssl/private/ssl-cert-snakeoil.key")<br>modparam("tls_mgm", "ca_list", "[localhost]/etc/ssl/certs/ca-certificates.crt")<br>modparam("tls_mgm", "verify_cert", "[localhost]0")<br>modparam("tls_mgm", "require_cert", "[localhost]0")</span></div><div><span style="font-family:verdana,sans-serif"><br></span></div><div><span style="font-family:verdana,sans-serif">...</span></div><div><span style="font-family:verdana,sans-serif">route[relay] {<br>    if ($socket_in(proto) == "UDP") {<br>        $socket_out = "wss:0.0.0.0:9443";<br>    } else {<br>        $socket_out = "udp:0.0.0.0:6051";<br>    }<br><br>    if (!t_relay()) {<br>        send_reply(500, "Internal Error");<br>    }<br>    exit;<br>}</span></div><div><br></div><div>I'm using the most generic self-signed certs and have just started to do some 
experiments.</div><div>But when I try to just forward SIP packets to a remote server, I get this in the logs:</div><div><br></div><span style="font-family:tahoma,sans-serif">DBG:core:parse_headers: flags=ffffffffffffffff<br>DBG:proto_wss:proto_wss_send: no open tcp connection found, opening new one<br>DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384<br>DBG:core:probe_max_sock_buff: using snd buffer of 416 kb<br>DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 4<br>DBG:core:print_ip: tcpconn_new: new tcp connection to: <PBX_IP_ADDRESS><br>DBG:core:tcpconn_new: on port 8089, proto 6<br>DBG:tls_mgm:tls_find_client_domain: found TLS client domain: localhost<br>DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection<br>DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)<br>DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)<br>ERROR:proto_wss:ws_client_handshake: cannot start handshake<br>ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake<br>DBG:core:tcpconn_destroy: destroying connection 0x7f0efb106440, flags 0038<br>DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>NOTICE:tls_openssl:verify_callback: depth = 2, verify success<br>NOTICE:tls_openssl:verify_callback: depth = 1, verify success<br>NOTICE:tls_openssl:verify_callback: depth = 0, verify success<br>INFO:tls_openssl:openssl_tls_connect: New TLS connection to <PBX_IP_ADDRESS>:8089 established<br>DBG:tls_openssl:openssl_tls_connect: new TLS connection to <PBX_IP_ADDRESS>:8089 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256<br>DBG:tls_openssl:openssl_tls_connect: sending socket: 0.0.0.0:37697<br>INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS certificate subject: /CN=*.pbx.company.domain, issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server 
CA<br>INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client certificate subject: /CN=localhost, issuer: /CN=localhost<br>DBG:tls_openssl:openssl_tls_write: write was successful (6 bytes)<br>DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>DBG:tls_openssl:openssl_tls_write: write was successful (2 bytes)<br>DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>DBG:tls_openssl:openssl_tls_conn_shutdown: first phase of 2-way handshake completed succesfuly<br>ERROR:proto_wss:proto_wss_send: connect failed<br>ERROR:tm:msg_send: send() to <PBX_IP_ADDRESS>:8089 for proto wss/6 failed<br>ERROR:tm:t_forward_nonack: sending request failed<br></span><div><span style="font-family:tahoma,sans-serif">DBG:tm:t_relay_to: t_forward_nonack returned error</span></div><div><span style="font-family:tahoma,sans-serif"><br></span></div><div><span style="font-family:tahoma,sans-serif"><br></span></div><div>The server that I'm connecting to supports TLS and WSS transports. If I change the socket type from WSS to TLS, everything works, so it's not a TLS certificate issue or something like that.<br></div><div><span class="gmail_signature_prefix"><br></span></div><div><span class="gmail_signature_prefix">I'm pretty sure that I'm missing something obvious, but I'm not really getting what.</span></div><div><span class="gmail_signature_prefix"><br></span></div><div><span class="gmail_signature_prefix">I would appreciate any hints.<br></span></div><div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Best regards,<div>Ihor (Igor)<br></div></div></div></div></div>