<div dir="ltr">opensips.cfg <div><br></div><div>####### Global Parameters #########<br><br>log_level=7<br>xlog_level=7<br>stderror_enabled=no<br>syslog_enabled=yes<br>syslog_facility=LOG_LOCAL0<br><br>udp_workers=4<br><br>open_files_limit=4096<br><br>tcp_connect_timeout=1000<br><br>/* comment the next line to enable the auto discovery of local aliases<br> based on revers DNS on IPs */<br>auto_aliases=no<br><br><br>socket=udp:x.x.x.x:5060<br>socket=wss:x.x.x.x:443<br>alias="wss:xxxxx:443"<br>advertised_address="xxxxx"<br>advertised_address="x.x.x.x"<br><br><br>####### Modules Section ########<br><br>#set module path<br>mpath="/usr/local/lib64/opensips/modules/"<br>loadmodule "uac.so"<br>loadmodule "mid_registrar.so"<br>modparam("mid_registrar", "mode", 2) /* 0 = mirror / 1 = ct / 2 = AoR */<br>modparam("mid_registrar", "outgoing_expires", 7200)<br>modparam("mid_registrar", "received_avp", "$avp(received)")<br>modparam("mid_registrar", "pn_enable", true)<br>modparam("mid_registrar", "pn_providers", "apns,fcm,webpush")<br>modparam("mid_registrar", "min_expires", 300)<br>modparam("mid_registrar", "contact_id_insertion", "ct-username")<br>modparam("mid_registrar", "contact_id_param", "ctid")<br><br><br>#### SIGNALING module<br>loadmodule "signaling.so"<br><br>#### StateLess module<br>loadmodule "sl.so"<br><br>#### Transaction Module<br>loadmodule "tm.so"<br>modparam("tm", "fr_timeout", 5)<br>modparam("tm", "fr_inv_timeout", 30)<br>modparam("tm", "restart_fr_on_each_reply", 0)<br>modparam("tm", "onreply_avp_mode", 1)<br><br>loadmodule "nathelper.so"<br>modparam("nathelper", "received_avp", "$avp(received)")<br><br><br>#### Record Route Module<br>loadmodule "rr.so"<br>/* do not append from tag to the RR (no need for this script) */<br>modparam("rr", "append_fromtag", 1)<br><br>#### MAX ForWarD module<br>loadmodule "maxfwd.so"<br><br>loadmodule "path.so"<br><br>#### SIP MSG OPerationS module<br>loadmodule "sipmsgops.so"<br><br>#### FIFO Management Interface<br>loadmodule "mi_fifo.so"<br>modparam("mi_fifo", "fifo_name", "/var/run/opensips/opensips_fifo")<br>modparam("mi_fifo", "fifo_mode", 0666)<br><br><br>#### URI module<br>#loadmodule "uri.so"<br>#modparam("uri", "use_uri_table", 0)<br>loadmodule "db_mysql.so"<br>#### USeR LOCation module<br>loadmodule "usrloc.so"<br>modparam("usrloc", "nat_bflag", "UAS_NAT")<br>modparam("usrloc", "working_mode_preset", "single-instance-sql-write-back")<br>modparam("usrloc", "db_url",<br> "mysql://root:root@localhost:3306/opensips")<br><br>#### REGISTRAR module<br>#loadmodule "registrar.so"<br><br>/* uncomment the next line not to allow more than 10 contacts per AOR */<br>#modparam("registrar", "max_contacts", 10)<br><br>#### ACCounting module<br>loadmodule "acc.so"<br>/* what special events should be accounted ? */<br>modparam("acc", "early_media", 0)<br>modparam("acc", "report_cancels", 0)<br>/* by default we do not adjust the direct of the sequential requests.<br> if you enable this parameter, be sure the enable "append_fromtag"<br> in "rr" module */<br>modparam("acc", "detect_direction", 0)<br><br><br>#### UDP protocol<br>loadmodule "proto_udp.so"<br><br>#loadmodule "proto_tcp.so"<br>#modparam("proto_tcp","tcp_async",1)<br>loadmodule "proto_tls.so"<br># WS and WSS module<br>loadmodule "proto_wss.so"<br>loadmodule "proto_ws.so"<br>modparam("proto_wss", "wss_max_msg_chunks", 16)<br>#modparam("proto_wss", "require_origin", no)<br>#modparam("proto_ws", "require_origin", no)<br>#modparam("proto_wss", "wss_port", 443)<br>#modparam("proto_wss", "wss_handshake_timeout", 500)<br>#modparam("proto_wss", "wss_tls_handshake_timeout", 500)<br>#modparam("proto_wss", "wss_resource", "/")<br>#modparam("proto_wss", "tls_method", "TLSv1")<br>#modparam("proto_wss", "trace_on", 1)<br><br>loadmodule "textops.so"<br><br>## TLS Management<br>loadmodule "tls_openssl.so"<br>loadmodule "tls_mgm.so"<br>modparam("tls_mgm", "tls_library", "openssl")<br>modparam("tls_mgm", "client_domain","dom")<br>modparam("tls_mgm", "ca_dir", "[dom]/etc/certs/")<br>modparam("tls_mgm", "ca_list", "[dom]/etc/certs/isrgrootx1.pem")<br>#modparam("tls_mgm", "ca_list", "[dom]/etc/certs/fullchain.pem")<br>#modparam("tls_mgm", "ca_list", "[dom]/etc/certs/isrg-root-x1-cross-signed.pem")<br>modparam("tls_mgm", "verify_cert", "[dom]0")<br>modparam("tls_mgm", "require_cert", "[dom]0")<br>modparam("tls_mgm", "match_sip_domain", "[dom]*")<br>modparam("tls_mgm", "match_ip_address", "[dom]*")<br>modparam("tls_mgm", "certificate","[dom]/etc/certs/fullchain.pem")<br>modparam("tls_mgm","private_key","[dom]/etc/certs/privkey.pem")<br>#modparam("tls_mgm", "ciphers_list", "[dom]AES128-SHA256:AES256-SHA")<br><br><br><br>modparam("tls_mgm","server_domain", "dom1")<br>modparam("tls_mgm", "match_sip_domain", "[dom1]xxxxx")<br>modparam("tls_mgm", "match_ip_address", "[dom1]x.x.x.x:443")<br>modparam("tls_mgm", "verify_cert", "[dom1]0")<br>modparam("tls_mgm", "require_cert", "[dom1]0")<br>modparam("tls_mgm", "ca_dir", "[dom1]/etc/certs/")<br>#modparam("tls_mgm", "ca_list", "[dom1]/etc/certs/fullchain.pem")<br>modparam("tls_mgm", "ca_list", "[dom1]/etc/certs/isrgrootx1.pem")<br>#modparam("tls_mgm", "ca_list", "[xxxxx]/etc/certs/isrg-root-x1-cross-signed.pem")<br>modparam("tls_mgm", "certificate","[dom1]/etc/certs/fullchain.pem")<br>modparam("tls_mgm","private_key","[dom1]/etc/certs/privkey.pem")<br>modparam("tls_mgm", "tls_method", "[dom1]TLSv1_3")<br>#modparam("tls_mgm", "tls_method", "[dom]TLSv1_3")<br>#modparam("tls_mgm", "ciphers_list", "[dom1]AES128-SHA256:AES256-SHA")<br><br><br>modparam("tls_mgm","server_domain", "dom2")<br>modparam("tls_mgm", "match_sip_domain", "[dom2]xxxxx")<br>modparam("tls_mgm", "match_ip_address", "[dom2]x.x.x.x:1443")<br>modparam("tls_mgm", "verify_cert", "[dom2]0")<br>modparam("tls_mgm", "require_cert", "[dom2]0")<br>modparam("tls_mgm", "ca_dir", "[dom2]/etc/certs/")<br>#modparam("tls_mgm", "ca_list", "[dom2]/etc/certs/fullchain.pem")<br>modparam("tls_mgm", "ca_list", "[dom2]/etc/certs/isrgrootx1.pem")<br>#modparam("tls_mgm", "ca_list", "[xxxxx]/etc/certs/isrg-root-x1-cross-signed.pem")<br>modparam("tls_mgm", "certificate","[dom2]/etc/certs/fullchain.pem")<br>modparam("tls_mgm","private_key","[dom2]/etc/certs/privkey.pem")<br>modparam("tls_mgm", "tls_method", "[dom2]TLSv1_3")<br>#modparam("tls_mgm", "ciphers_list", "[dom2]AES128-SHA256:AES256-SHA")<br><br>loadmodule "rest_client.so"<br>loadmodule "event_routing.so"<br><br>####### Routing Logic ########<br><br># main request routing logic<br><br>route{<br> if (!mf_process_maxfwd_header(10)) {<br> sl_send_reply(483,"Too Many Hops");<br> exit;<br> }<br><br> if (has_totag()) {<br> # sequential requests within a dialog should<br> # take the path determined by record-routing<br> if (loose_route()) {<br> <br> if (is_method("BYE")) {<br> # do accunting, even if the transaction fails<br> do_accounting("log","failed");<br> } else if (is_method("INVITE")) {<br> xlog("In INVITE1");<br> # even if in most of the cases is useless, do RR for<br> # re-INVITEs alos, as some buggy clients do change route set<br> # during the dialog.<br> record_route();<br> }<br><br> # route it out to whatever destination was set by loose_route()<br> # in $du (destination URI).<br> route(relay);<br> } else {<br> <br> if ( is_method("ACK") ) {<br> if ( t_check_trans() ) {<br> # non loose-route, but stateful ACK; must be an ACK after <br> # a 487 or e.g. 404 from upstream server<br> t_relay();<br> exit;<br> } else {<br> # ACK without matching transaction -><br> # ignore and discard<br> exit;<br> }<br> }<br> sl_send_reply(404,"Not here");<br> }<br> exit;<br> }<br><br> # CANCEL processing<br> if (is_method("CANCEL"))<br> {<br> if (t_check_trans())<br> t_relay();<br> exit;<br> }<br><br> t_check_trans();<br> <br> if (is_method("REGISTER")) {<br> fix_nated_register();<br> add_path_received();<br> mid_registrar_save("location",'path-received');<br> switch ($retcode) {<br> case 1:<br> $ru = "sip:asteriskprivateip:1443;transport=wss";<br> if (!t_relay()) {<br> xlog("L_ERR", "Failed to forward call to Asterisk \n");<br> send_reply(500, "Internal Server Error");<br> }<br> break;<br> case 2:<br> xlog("absorbing REGISTER! ($$ci=$ci)\n");<br> break;<br> default:<br> xlog("failed to save registration! ($$ci=$ci)\n");<br> }<br><br> exit;<br> }<br><br> # preloaded route checking<br> if (loose_route()) {<br> xlog("L_ERR",<br> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");<br> if (!is_method("ACK"))<br> sl_send_reply(403,"Preload Route denied");<br> exit;<br> }<br><br> # record routing<br> if (!is_method("REGISTER|MESSAGE"))<br> record_route();<br><br><br> # account only INVITEs<br> if (is_method("INVITE")) {<br> $ru="sip:asteriskprivateip:1443;transport=wss;";<br> t_relay();<br> }<br><br> # requests for my domain<br> if (is_method("PUBLISH|SUBSCRIBE"))<br> {<br> sl_send_reply(503, "Service Unavailable");<br> exit;<br> }<br><br> if ($rU==NULL) {<br> # request with no Username in RURI<br> sl_send_reply(484,"Address Incomplete");<br> exit;<br> }<br><br><br> if (has_totag()) {<br> if (is_method("ACK") && t_check_trans()) {<br> t_relay();<br> exit;<br> }<br><br> if (!loose_route()) {<br> send_reply(404, "Not Found");<br> exit;<br> }<br><br> if (!is_method("ACK")) {<br> }<br> route(relay);<br> exit;<br> }<br><br><br> # when routing via usrloc, log the missed calls also<br> do_accounting("log","missed");<br> route(relay);<br>}<br><br><br>route[relay] {<br> # for INVITEs enable some additional helper routes<br> if (is_method("INVITE")) {<br> t_on_branch("per_branch_ops");<br> t_on_reply("handle_nat");<br> t_on_failure("missed_call");<br> }<br><br> if (!t_relay()) {<br> send_reply(500,"Internal Error");<br> };<br> exit;<br>}<br><br><br><br><br>branch_route[per_branch_ops] {<br> xlog("new branch at $ru\n");<br>}<br><br><br>onreply_route[handle_nat] {<br> <br> xlog("incoming reply\n");<br>}<br><br><br>failure_route[missed_call] {<br> if (t_was_cancelled()) {<br> exit;<br> }<br>}</div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br><table style="border-top:1px solid #d3d4de"><tr><td style="width:55px;padding-top:13px"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://s-install.avcdn.net/ipm/preview/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a></td><td style="width:470px;padding-top:12px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free.<a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank" style="color:#4453ea">www.avast.com</a></td></tr></table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sat, 15 Feb 2025 at 10:51, Prathibha B <<a href="mailto:prathibhab.tvm@gmail.com">prathibhab.tvm@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hello,</div><div><br></div><div>When calling from webrtc client to asterisk via opensips, I'm getting the following error message:</div><div><br></div><div><div style="box-sizing:border-box;display:flex;color:rgb(31,35,40);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI","Noto Sans",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px"><div style="box-sizing:border-box;min-width:0px"><div style="box-sizing:border-box;display:flex;border-radius:6px;border-width:1px;border-style:solid;padding-top:0px;padding-bottom:0px"><div style="box-sizing:border-box;display:flex"><div style="box-sizing:border-box;width:790.08px"><div style="box-sizing:border-box;display:flex;margin:16px"><div style="box-sizing:border-box;font-size:16px;line-height:1.5"><div style="box-sizing:border-box;font-size:14px;line-height:1.5;max-width:100%;margin-top:0px;margin-bottom:0px"><p dir="auto" style="box-sizing:border-box;margin-top:0px;margin-bottom:0px">ERROR:tls_openssl:openssl_tls_write: TLS write error:<br style="box-sizing:border-box">/usr/local/sbin/opensips[1372222]: ERROR:tls_openssl:openssl_tls_blocking_write: TLS failed to send data<br style="box-sizing:border-box">/usr/local/sbin/opensips[1372222]: ERROR:tls_openssl:openssl_tls_write: TLS connection to <a href="http://10.203.0.6:55668" target="_blank">10.203.0.6:55668</a> write failed (5:-1:9)<br style="box-sizing:border-box">ngdcs /usr/local/sbin/opensips[1372222]: ERROR:tls_openssl:openssl_tls_write: TLS write error:<br style="box-sizing:border-box">/usr/local/sbin/opensips[1372222]: ERROR:tls_openssl:openssl_tls_blocking_write: TLS failed to send data</p></div></div></div></div></div></div></div></div><div style="box-sizing:border-box;display:flex;color:rgb(31,35,40);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI","Noto Sans",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px"><br></div></div><div>How to resolve this issue?</div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Regards,</div><div>B.Prathibha<br></div></div></div></div>
</blockquote></div><div><br clear="all"></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Regards,</div><div>B.Prathibha<br></div></div></div>