<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>It seems the default timeouts are too low.</p>
<p>By adding</p>
<pre>modparam("proto_wss", "wss_handshake_timeout", 500)
modparam("proto_wss", "wss_tls_handshake_timeout", 500)</pre>
<p>everything is working.<br>
</p>
<div class="moz-cite-prefix">On 02/11/2023 at 20:52, Ihor Olkhovskyi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJTkRNspwhT6kPh+1AMmYtRmtWsdYWjjzqr91XnnTnOUC3Htvw@mail.gmail.com">
<div dir="ltr">
<div>Hello,</div>
<div>I'm a bit new to OpenSIPS (to the recent versions) and I'm trying
to have it act as a UDP - WebSocket proxy, using it as an outbound
proxy in a SIP client (PJSUA, if it's important).<br>
</div>
<div><br>
</div>
<div>Currently I'm using version 3.4.2.<br>
</div>
<div>The config is quite simple, not far from the default one.<br>
</div>
<div><span style="font-family:verdana,sans-serif">...<br>
</span></div>
<div><span style="font-family:verdana,sans-serif">socket=udp:0.0.0.0:6051<br>
socket=wss:0.0.0.0:9443</span></div>
<div><span class="gmail_signature_prefix"
style="font-family:verdana,sans-serif">...<br>
</span></div>
<div><span style="font-family:verdana,sans-serif">loadmodule
"proto_udp.so"<br>
loadmodule "proto_tls.so"<br>
<br>
# WebSocket part<br>
loadmodule "proto_wss.so"<br>
<br>
loadmodule "tls_openssl.so"<br>
loadmodule "tls_mgm.so"<br>
<br>
modparam("tls_mgm", "client_domain", "localhost")<br>
modparam("tls_mgm", "certificate",
"[localhost]/etc/ssl/certs/ssl-cert-snakeoil.pem")<br>
modparam("tls_mgm", "private_key",
"[localhost]/etc/ssl/private/ssl-cert-snakeoil.key")<br>
modparam("tls_mgm", "ca_list",
"[localhost]/etc/ssl/certs/ca-certificates.crt")<br>
modparam("tls_mgm", "verify_cert", "[localhost]0")<br>
modparam("tls_mgm", "require_cert", "[localhost]0")</span></div>
<div><span style="font-family:verdana,sans-serif"><br>
</span></div>
<div><span style="font-family:verdana,sans-serif">...</span></div>
<div><span style="font-family:verdana,sans-serif">route[relay] {<br>
if ($socket_in(proto) == "UDP") {<br>
$socket_out = "wss:0.0.0.0:9443";<br>
} else {<br>
$socket_out = "udp:0.0.0.0:6051";<br>
}<br>
<br>
if (!t_relay()) {<br>
send_reply(500, "Internal Error");<br>
}<br>
exit;<br>
}</span></div>
<div><br>
</div>
<div>I'm using the most generic self-signed certs and have just started
to make some experiments.</div>
<div>But when I try to just forward SIP packets to the remote
server, I get this in the logs:</div>
<div><br>
</div>
<span style="font-family:tahoma,sans-serif">DBG:core:parse_headers: flags=ffffffffffffffff<br>
DBG:proto_wss:proto_wss_send: no open tcp connection found, opening new one<br>
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384<br>
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb<br>
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 4<br>
DBG:core:print_ip: tcpconn_new: new tcp connection to: &lt;PBX_IP_ADDRESS&gt;<br>
DBG:core:tcpconn_new: on port 8089, proto 6<br>
DBG:tls_mgm:tls_find_client_domain: found TLS client domain: localhost<br>
DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection<br>
DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)<br>
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>
ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)<br>
ERROR:proto_wss:ws_client_handshake: cannot start handshake<br>
ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake<br>
DBG:core:tcpconn_destroy: destroying connection 0x7f0efb106440, flags 0038<br>
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>
NOTICE:tls_openssl:verify_callback: depth = 2, verify success<br>
NOTICE:tls_openssl:verify_callback: depth = 1, verify success<br>
NOTICE:tls_openssl:verify_callback: depth = 0, verify success<br>
INFO:tls_openssl:openssl_tls_connect: New TLS connection to &lt;PBX_IP_ADDRESS&gt;:8089 established<br>
DBG:tls_openssl:openssl_tls_connect: new TLS connection to &lt;PBX_IP_ADDRESS&gt;:8089 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256<br>
DBG:tls_openssl:openssl_tls_connect: sending socket: 0.0.0.0:37697<br>
INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS certificate subject: /CN=*.pbx.company.domain, issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA<br>
INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client certificate subject: /CN=localhost, issuer: /CN=localhost<br>
DBG:tls_openssl:openssl_tls_write: write was successful (6 bytes)<br>
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>
DBG:tls_openssl:openssl_tls_write: write was successful (2 bytes)<br>
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4<br>
DBG:tls_openssl:openssl_tls_conn_shutdown: first phase of 2-way handshake completed succesfuly<br>
ERROR:proto_wss:proto_wss_send: connect failed<br>
ERROR:tm:msg_send: send() to &lt;PBX_IP_ADDRESS&gt;:8089 for proto wss/6 failed<br>
ERROR:tm:t_forward_nonack: sending request failed<br>
</span>
<div><span style="font-family:tahoma,sans-serif">DBG:tm:t_relay_to: t_forward_nonack returned error</span></div>
<div><span style="font-family:tahoma,sans-serif"><br>
</span></div>
<div><span style="font-family:tahoma,sans-serif"><br>
</span></div>
<div>The server I'm connecting to supports the TLS and
WSS transports. If I change the socket type from WSS to TLS,
everything works, so it's not a TLS certificate issue or
something like that.<br>
</div>
<div><span class="gmail_signature_prefix"><br>
</span></div>
<div><span class="gmail_signature_prefix">I'm pretty sure that
I'm missing something obvious, but I'm not really getting what.</span></div>
<div><span class="gmail_signature_prefix"><br>
</span></div>
<div><span class="gmail_signature_prefix">I would appreciate
any hints.<br>
</span></div>
<div><span class="gmail_signature_prefix">-- </span><br>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">Best regards,
<div>Ihor (Igor)<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
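<p>Added example, not part of the original thread and not OpenSIPS code: a small log triage that separates the pattern seen above (the TLS send timer fires, then the TLS connection is reported as established anyway, which points at wss_handshake_timeout / wss_tls_handshake_timeout being too low) from a peer that never completes TLS. The function name, the verdict strings and the peer address 192.0.2.10 are assumptions made for the example, and the late-TLS rule is a heuristic based on this thread's log.</p>

```python
import re

# Constructed sample modelled on the log lines quoted in the thread; the
# peer 192.0.2.10 is a documentation address, not a value from the page.
FAILING = """\
DBG:proto_wss:proto_wss_send: no open tcp connection found, opening new one
ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
NOTICE:tls_openssl:verify_callback: depth = 0, verify success
INFO:tls_openssl:openssl_tls_connect: New TLS connection to 192.0.2.10:8089 established
ERROR:proto_wss:proto_wss_send: connect failed
"""

NEW_ATTEMPT = re.compile(r"proto_wss:proto_wss_send: no open tcp connection found")
TIMEOUT = re.compile(r"ERROR:tls_openssl:\w+: TLS send timeout \((\d+)\)")
WS_FAILED = re.compile(r"ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake")
TLS_UP = re.compile(r"INFO:tls_openssl:openssl_tls_connect: New TLS connection to (\S+) established")

def classify(log_text):
    """Return one dict per outbound WSS attempt, each with a triage verdict."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if NEW_ATTEMPT.search(line):
            cur = {"timeout_ms": None, "peer": None, "ws_failed": False, "late_tls": False}
            attempts.append(cur)
        if cur is None:
            continue  # ignore lines before the first attempt marker
        hit = TIMEOUT.search(line)
        if hit:
            cur["timeout_ms"] = int(hit.group(1))
        hit = TLS_UP.search(line)
        if hit:
            cur["peer"] = hit.group(1)
            # Heuristic: TLS completing after the timer fired means the timer was too short.
            cur["late_tls"] = cur["timeout_ms"] is not None
        if WS_FAILED.search(line):
            cur["ws_failed"] = True
    for a in attempts:
        if not a["ws_failed"]:
            a["verdict"] = "ok"
        elif a["late_tls"]:
            a["verdict"] = "handshake timeout too low"
        elif a["timeout_ms"] is not None:
            a["verdict"] = "peer slow or unreachable"
        else:
            a["verdict"] = "other handshake failure"
    return attempts

if __name__ == "__main__":
    for attempt in classify(FAILING):
        print(attempt)
```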
</body>
</html>