Re: [OpenSIPS-Users] opensips behind firewall.
Thanks Alex. I will try this evening.

On Thu, 28 Feb 2019, 05:56 Alexey Kazantsev via Users <users@lists.opensips.org> wrote:

> Hello Johan,
>
> rtpengine itself has the ability to listen on one address but advertise
> another.
>
> This is from official documentation:
> "interface=10.65.76.2!192.0.2.4 means that 10.65.76.2 is the actual local
> address on the server, but outgoing SDP bodies should advertise 192.0.2.4
> as the address that endpoints should talk to".
>
> Please refer to https://github.com/sipwise/rtpengine , section "Interface
> configuration".
> I hope this will help you.
>
> ---
> BR, Alexey
> http://alexeyka.zantsev.com/
[OpenSIPS-Users] lb_list shows an incorrect load in load balancer
Hello,

I need a little help regarding a load balancer issue.

I have two destinations (A.X.X.X and B.X.X.X) in the load balancer group. A.X.X.X is working fine but sometimes B.X.X.X is not responding in time and a 408 response is received. In that case I am doing a lb_next() and the load balancer sends it to A.X.X.X, but "opensips fifo lb_list" is showing that B.X.X.X load is 1 and I think it must be 0 because in A.X.X.X load is 2 and there are only 2 dialogs.

    Destination:: sip:33@A.X.X.X:5080 id=96 group=1 enabled=yes auto-reenable=on
        Resources::
            Resource:: channel max=10 *load*=2
    Destination:: sip:33@B.X.X.X:5080 id=98 group=1 enabled=yes auto-reenable=on
        Resources::
            Resource:: channel max=10 *load=*1

I'm trying to remove that "load=1" but if I use lb_count_call to undo:

    if (lb_is_destination("B.X.X.X", "5080", "1", "1")) {
        lb_count_call("B.X.X.X", "5080", "1", "channel", "1");
    }

This error happens:

    Feb 21 13:05:18 [11033] ERROR:load_balancer:lb_route: sequential call of LB - failed to remove from profile [lbXchannel]->[62]

Is there any way to decrease the load of B.X.X.X, or how can it not be considered in the load count in a failure_route? I'm saving load data for statistics purposes and it doesn't match the number of dialogs.

I'm using Opensips 2.4.2

Thank you very much.
Re: [OpenSIPS-Users] opensips behind firewall.
Hello Johan,

rtpengine itself has the ability to listen on one address but advertise another.

This is from official documentation:
"interface=10.65.76.2!192.0.2.4 means that 10.65.76.2 is the actual local address on the server, but outgoing SDP bodies should advertise 192.0.2.4 as the address that endpoints should talk to".

Please refer to https://github.com/sipwise/rtpengine , section "Interface configuration".
I hope this will help you.

---
BR, Alexey
http://alexeyka.zantsev.com/
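The `local!advertised` notation quoted above, as an added example (not from the original message and not rtpengine code): a Python check that parses an `interface=` value and flags SDP `c=` lines carrying the local bind address instead of the advertised one. It uses the addresses from the question in this thread (listen on 10.3.1.2, announce 10.2.1.1); the SDP bodies are constructed and the function names are assumptions.

```python
import ipaddress
import re


def parse_interface(value):
    """Split an rtpengine interface value of the form [NAME/]LOCAL[!ADVERTISED]."""
    name, _, addrs = value.rpartition("/")
    local, _, advertised = addrs.partition("!")
    local_ip = ipaddress.ip_address(local)
    # Without "!ADVERTISED" the local address is what ends up in the SDP.
    adv_ip = ipaddress.ip_address(advertised) if advertised else local_ip
    return {"name": name or None, "local": local_ip, "advertised": adv_ip}


def check_sdp(interface_value, sdp):
    """Return (line number, address, reason) for each c= line that does not
    carry the advertised address."""
    iface = parse_interface(interface_value)
    problems = []
    for lineno, line in enumerate(sdp.splitlines(), 1):
        m = re.match(r"c=IN IP[46] (\S+)", line)
        if not m:
            continue
        addr = ipaddress.ip_address(m.group(1).split("/")[0])  # drop a /ttl suffix
        if addr == iface["advertised"]:
            continue
        reason = ("local bind address leaked" if addr == iface["local"]
                  else "unexpected address")
        problems.append((lineno, str(addr), reason))
    return problems


# Constructed SDP bodies (not captured traffic).
GOOD_SDP = ("v=0\r\no=- 1 1 IN IP4 10.2.1.1\r\ns=-\r\n"
            "c=IN IP4 10.2.1.1\r\nt=0 0\r\nm=audio 30000 RTP/AVP 0\r\n")
BAD_SDP = GOOD_SDP.replace("c=IN IP4 10.2.1.1", "c=IN IP4 10.3.1.2")

if __name__ == "__main__":
    for label, body in (("good", GOOD_SDP), ("bad", BAD_SDP)):
        print(label, check_sdp("10.3.1.2!10.2.1.1", body))
```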
[OpenSIPS-Users] opensips version2.4.4 tls_mgm
Hello,

I am trying to install opensips version 2.4.4 on RHEL 7.5. When I try to start opensips, it is showing logs in syslog-ng

    ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
    ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!

Below are my version details:

    opensips -V
    version: opensips 2.4.4 (x86_64/linux)
    flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
    ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
    poll method support: poll, epoll, sigio_rt, select.
    git revision: a42226ccb
    main.c compiled on 15:11:28 Feb 27 2019 with gcc 4.4.7

    openssl version -a
    OpenSSL 1.0.2k-fips 26 Jan 2017
    built on: reproducible build, date unspecified
    platform: linux-x86_64
    options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines: rdrand dynamic

Googled around, found many people found this issue but haven't found any working solution.

Regards,
Lokesh Jadwani
[OpenSIPS-Users] SDP manipulation & rtpengine
Hello:

I am trying to manipulate parts of the SDP body before calling rtpengine_offer / rtpengine_answer. However, any changes made via textops functions such as subst_body, replace_body, replace_body_all, etc. do not seem to impact the SDP that is sent to rtpengine. In my particular case, rtpengine fails to parse the SDP because of an extra carriage return line feed sent in the SDP.

Is there a way to send rtpengine manipulated SDP, rather than just the SDP sent in the request?

Use case:

    if (subst_body("/(^a=.*\r\n)\r\n/\1/g")) {
        xlog("L_INFO", "bad SDP --- duplicate CRLF");
    }
    rtpengine_offer(" ... options ... ");

Regards,
Pat Burke
__
Direct: (402) 403-5121 | Cell: (402) 443-8929 | Email: p...@voxtelesys.com
1801 23rd Avenue North | Suite 217 | Fargo, North Dakota 58102
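The duplicate-CRLF case from the post above, as an added example (not from the original post and not OpenSIPS code): a Python check over a constructed SDP body that locates empty lines and compares what the post's pattern removes with a general clean-up. It goes beyond the post's case by also covering an empty line after a non-`a=` line; the sample body and function names are assumptions.

```python
import re

# The pattern from the subst_body() call in the post, as a Python bytes regex.
POST_PATTERN = re.compile(rb"(^a=.*\r\n)\r\n", re.MULTILINE)


def empty_line_numbers(sdp: bytes):
    """1-based numbers of empty lines inside the body.
    The CRLF that terminates the last real line is not counted."""
    lines = sdp.split(b"\r\n")
    if lines and lines[-1] == b"":
        lines.pop()
    return [n for n, line in enumerate(lines, 1) if line == b""]


def apply_post_pattern(sdp: bytes) -> bytes:
    """Remove an extra CRLF only where it follows an a= line."""
    return POST_PATTERN.sub(rb"\1", sdp)


def drop_empty_lines(sdp: bytes) -> bytes:
    """Remove every empty line, whatever kind of SDP line precedes it."""
    kept = [line for line in sdp.split(b"\r\n") if line]
    return b"\r\n".join(kept) + b"\r\n"


# Constructed sample: one extra CRLF after m=, one after the first a= line.
SAMPLE = (
    b"v=0\r\n"
    b"o=- 1 1 IN IP4 192.0.2.10\r\n"
    b"s=-\r\n"
    b"c=IN IP4 192.0.2.10\r\n"
    b"t=0 0\r\n"
    b"m=audio 4000 RTP/AVP 0 101\r\n\r\n"
    b"a=rtpmap:0 PCMU/8000\r\n\r\n"
    b"a=rtpmap:101 telephone-event/8000\r\n"
)

if __name__ == "__main__":
    print("empty lines in sample:     ", empty_line_numbers(SAMPLE))
    print("after the post's pattern:  ", empty_line_numbers(apply_post_pattern(SAMPLE)))
    print("after dropping all of them:", empty_line_numbers(drop_empty_lines(SAMPLE)))
```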
[OpenSIPS-Users] opensips behind firewall.
Hi

I have the following situation:

    Phone: 10.2.1.2 -> fw ingress: 10.2.1.1 -> fw egress: 10.3.1.1 -> opensips 10.3.1.2

There is no sip alg on the firewall.

I have no idea if this is possible, but how do I need to set rtpengine flags so that rtpengine listens on 10.3.1.2 but announces 10.2.1.1?

Of course, the opensips machine has only 1 interface.

Johan De Clercq, Managing Director
Democon bvba - Ooigemstraat 41 - 8780 Oostrozebeke
Tel +3256980990 - GSM +32478720104
[OpenSIPS-Users] OpenSIPs Load_balancer cluster count
Hello,

I'm using a Cluster between two OpenSIPs 2.4 Servers with module Load_Balancer and a N number of Asterisk. I have noticed that when there is a lot of traffic, the calls count is not correct; always more than real.

    opensipsctl fifo lb_list = Wrong
    opensipsctl fifo get_statistics active_dialogs = OK

How can I fix it?

Regards

--
I'm SoCIaL, MayBe
[OpenSIPS-Users] TLS issue with WSS
Hi all,

I am trying to apply this tutorial to my test environment but I couldn't solve a problem with TLS handshake.

https://www.opensips.org/Documentation/Tutorials-WebSocket-2-2

My configuration is simply like that.

    listen=ws:10.10.10.10:8080
    listen=wss:10.10.10.10:443
    ...
    loadmodule "proto_tls.so"
    loadmodule "proto_wss.so"
    loadmodule "proto_ws.so"
    loadmodule "tls_mgm.so"
    modparam("tls_mgm", "certificate", "/etc/letsencrypt/live/testserver.example.net/fullchain.pem")
    modparam("tls_mgm", "private_key", "/etc/letsencrypt/live/testserver.example.net/privkey.pem")

When I try to connect the server via a websocket client like SIP.js or jssip, I got this error.

    Feb 27 15:22:39 [26842] DBG:core:probe_max_sock_buff: getsockopt: snd is initially 425984
    Feb 27 15:22:39 [26842] INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
    Feb 27 15:22:39 [26842] INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 49
    Feb 27 15:22:39 [26842] DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.168.100.100
    Feb 27 15:22:39 [26842] DBG:core:tcpconn_new: on port 34560, proto 6
    Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: entered: Creating a whole new ssl connection
    Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: looking up socket based TLS server domain [10.10.10.10:443]
    Feb 27 15:22:39 [26842] DBG:tls_mgm:tls_find_server_domain: virtual TLS server domain not found, Using default TLS server domain settings
    Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: found socket based TLS server domain [0.0.0.0:0]
    Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: Setting in ACCEPT mode (server)
    Feb 27 15:22:39 [26842] DBG:core:tcpconn_add: hashes: 607, 660
    Feb 27 15:22:39 [26842] DBG:core:handle_new_connect: new connection: 0x7fd6a55d8240 49 flags: 001c
    Feb 27 15:22:39 [26842] DBG:core:send2child: to tcp child 0 (26839), 0x7fd6a55d8240 rw 1
    Feb 27 15:22:39 [26839] DBG:core:handle_io: We have received conn 0x7fd6a55d8240 with rw 1 on fd 5
    Feb 27 15:22:39 [26839] DBG:core:io_watch_add: [TCP_worker] io_watch_add op (5 on 46) (0x563321968480, 5, 19, 0x7fd6a55d8240,1), fd_no=4/1024
    Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
    Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: Using the global ( per process ) buff
    Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
    Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: ws_read end
    Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
    Feb 27 15:22:39 [26839] ERROR:proto_wss:tls_accept: New TLS connection from 192.168.100.100:34560 failed to accept
    Feb 27 15:22:39 [26839] ERROR:proto_wss:wss_read_req: cannot fix read connection
    Feb 27 15:22:39 [26839] DBG:core:io_watch_del: [TCP_worker] io_watch_del op on index 0 5 (0x563321968480, 5, 0, 0x10,0x3) fd_no=5 called
    Feb 27 15:22:39 [26839] DBG:core:tcpconn_release: releasing con 0x7fd6a55d8240, state -2, fd=-1, id=1151231636
    Feb 27 15:22:39 [26839] DBG:core:tcpconn_release: extra_data 0x7fd6a55d8438
    Feb 27 15:22:39 [26842] DBG:core:handle_tcp_worker: response= 7fd6a55d8240, -2 from tcp worker 26839 (0)
    Feb 27 15:22:39 [26842] DBG:core:tcpconn_destroy: destroying connection 0x7fd6a55d8240, flags 001c
    Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_clean: entered
    Feb 27 15:22:39 [26842] DBG:proto_wss:tls_update_fd: New fd is 49

I have tried to test my installation with openssl client and I think it has an issue with the setup because there is an error message.

    ➜ openssl s_client -connect testserver.example.net:443
    CONNECTED(0005)
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = testserver.example.net
    verify return:1
    4499986028:error:14020410:SSL routines:CONNECT_CR_SESSION_TICKET:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.230.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40
    4499986028:error:140200E5:SSL routines:CONNECT_CR_SESSION_TICKET:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.230.1/libressl-2.6/ssl/ssl_pkt.c:585:
    ---
    Certificate chain
     0 s:/CN=testserver.example.net
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate