date:20190227

Re: [OpenSIPS-Users] opensips behind firewall.

2019-02-27 Thread Johan De Clercq

Thanks Alex. I will try this evening.

On Thu, 28 Feb 2019, 05:56 Alexey Kazantsev via Users <
users@lists.opensips.org wrote:

> Hello Johan,
>
> rtpengine itself has the ability to listen on one address but advertise
> another.
>
> This is from official documentation:
> "interface=10.65.76.2!192.0.2.4 means that 10.65.76.2 is the actual local
> address on the server, but outgoing SDP bodies should advertise 192.0.2.4
> as the address that endpoints should talk to".
>
> Please refer to https://github.com/sipwise/rtpengine , section "Interface
> configuration".
> I hope this will help you.
>
> ---
> BR, Alexey
> http://alexeyka.zantsev.com/
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] lb_list shows an incorrect load in load balancer

2019-02-27 Thread Rocio Walias

Hello,



I need a little help regarding a load balancer issue.

I have two destinations (A.X.X.X and B.X.X.X) in the load balancer
group. A.X.X.X is working fine but  sometimes B.X.X.X is not
responding in time and a 408 response is received. In that case I am
doing a lb_next() and load balancer send it to A.X.X.X but in
“opensips fifo lb_list“ is showing that B.X.X.X load is 1 and I think
it must be 0 because in A.X.X.X load is 2 and there is only 2 dialogs.



Destination:: sip:33@A.X.X.X:5080 id=96 group=1 enabled=yes auto-reenable=on

Resources::

Resource:: channel max=10 *load*=2

Destination:: sip:33@B.X.X.X:5080 id=98 group=1 enabled=yes auto-reenable=on

Resources::

Resource:: channel max=10 *load=*1



I’m trying to remove that “load=1”  but if I use lb_count_call to undo :

if (lb_is_destination(“B.X.X.X", "5080", "1","1"))

{

lb_count_call("B.X.X.X","5080","1","channel","1");

}



This error happens:

Feb 21 13:05:18 [11033] ERROR:load_balancer:lb_route: sequential call of LB
- failed to remove from profile [lbXchannel]->[62]



Is there any way to decrease the load of B.X.X.X or how can it not be
considered in load count in a failure_route? I’m saving load data to
statistics purpose  and it  doesn’t match with the number of
dialogues.

I’m using Opensips 2.4.2



Thank you very much.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] opensips behind firewall.

2019-02-27 Thread Alexey Kazantsev via Users

Hello Johan,

rtpengine itself has the ability to listen on one address but advertise another.

This is from official documentation:
"interface=10.65.76.2!192.0.2.4 means that 10.65.76.2 is the actual local 
address on the server, but outgoing SDP bodies should advertise 192.0.2.4 
as the address that endpoints should talk to".

Please refer to https://github.com/sipwise/rtpengine , section "Interface 
configuration".
I hope this will help you.

---
BR, Alexey
http://alexeyka.zantsev.com/
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] opensips version2.4.4 tls_mgm

2019-02-27 Thread Jadwani, Lokesh

Hello,
I am trying to install opensips version 2.4.4 on RHEL 7.5. when I try to start 
opnsips, it is showing logs in syslog-ng

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or 
other FIPS version of openssl, as this is known to be broken; if so, you need 
to upgrade or downgrade to a different openssl version!


Below are my version details:

opensips -V
version: opensips 2.4.4 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, 
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: a42226ccb
main.c compiled on 15:11:28 Feb 27 2019 with gcc 4.4.7

openssl version -a
OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) 
blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB 
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 
-DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 
-mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic

Googled around, found many people found this issue but haven't found any 
working solution.


Regards,
Lokesh Jadwani




DISCLAIMER: This e-mail may contain information that is confidential, 
privileged or otherwise protected from disclosure. 
If you are not an intended recipient of this e-mail, do not duplicate or 
redistribute it by any means. 
Please delete it and any attachments and notify the sender that you have 
received it in error. 
Unintended recipients are prohibited from taking action on the basis of 
information in this e-mail. 
E-mail messages may contain computer viruses or other defects, may not be 
accurately replicated on other systems, or may be intercepted, 
deleted or interfered with without the knowledge of the sender or the intended 
recipient. 
If you are not comfortable with the risks associated with e-mail messages, 
you may decide not to use e-mail to communicate with IPC. IPC reserves the 
right, 
to the extent and under circumstances permitted by applicable law, 
to retain, monitor and intercept e-mail messages to and from its systems.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] SDP manipulation & rtpengine

2019-02-27 Thread Pat Burke


Hello:


I am using trying to manipulate parts of the SDP body before calling 
rtpengine_offer / rtpengine_answer.  However, any changes made via textops 
functions such as subst_body, replace_body, replace_body_all, etc. do not seem 
to impact the SDP that is sent to rtpengine.


In my particular case, rtpengine fails to parse the SDP because of an extra 
carriage return line feed sent in the SDP.  Is there a way to send rtpengine 
manipulated SDP, rather than just the SDP sent in the request?


Use case:
if (subst_body("/(^a=.*\r\n)\r\n/\1/g")) {
  xlog("L_INFO", "bad SDP --- duplicate CRLF");
}


rtpengine_offer(" ... options ... ");


Regards,
Pat Burke



__
Direct: (402) 403-5121   |   Cell: (402) 443-8929  |   Email: 
p...@voxtelesys.com
1801 23rd Avenue North   |  Suite 217    |  Fargo, North Dakota 58102
 

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] opensips behind firewall.

2019-02-27 Thread johan de clercq

Hi I have the following situation:

 

Phone: 10.2.1.2 ->fw ingress : 10.2.1.1 -> fw egress : 10.3.1.1 ->
opensips 10.3.1.2

 

There is no sip alg on the firewall. 

 

I have no idea if this possible, but how do I need to set rtpengine flags so
that rtpengine listens on 10.3.1.2 but announces 10.2.1.1 ?

Of course, the opensips machine has only 1 interface. 

 

 



Johan De Clercq, Managing Director
Democon bvba - Ooigemstraat 41 - 8780 Oostrozebeke

Tel +3256980990 - GSM +32478720104

 

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] OpenSIPs Load_balancer cluster count

2019-02-27 Thread Social Boh


Hello,

I'm using a Cluster between two OpenSIPs 2.4 Servers with module 
Load_Balancer and a N number of Asterisk.


I have noticed that when there is a lot of traffic, the calls count is 
not correct; always more than real.


opensipsctl fifo lb_list = Wrong

opensipsctl fifo get_statistics active_dialogs = OK

How can i fix it?

Regards

--
---
I'm SoCIaL, MayBe


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TLS issue with WSS

2019-02-27 Thread Volkan Oransoy

Hi all,

I am trying to apply this tutorial to my test environment but I couldn't
solve a problem with TLS handshake.
https://www.opensips.org/Documentation/Tutorials-WebSocket-2-2

My configuration is simply like that.

listen=ws:10.10.10.10:8080
listen=wss:10.10.10.10:443
...
loadmodule "proto_tls.so"
loadmodule "proto_wss.so"
loadmodule "proto_ws.so"
loadmodule "tls_mgm.so"
modparam("tls_mgm", "certificate","/etc/letsencrypt/live/
testserver.example.net/fullchain.pem")
modparam("tls_mgm", "private_key","/etc/letsencrypt/live/
testserver.example.net/privkey.pem")



When I try to connect the server via a websocket client like SIP.js or
jssip, I got this error.

Feb 27 15:22:39 [26842] DBG:core:probe_max_sock_buff: getsockopt: snd is
initially 425984
Feb 27 15:22:39 [26842] INFO:core:probe_max_sock_buff: using snd buffer of
416 kb
Feb 27 15:22:39 [26842] INFO:core:init_sock_keepalive: TCP keepalive
enabled on socket 49
Feb 27 15:22:39 [26842] DBG:core:print_ip: tcpconn_new: new tcp connection
to: 192.168.100.100
Feb 27 15:22:39 [26842] DBG:core:tcpconn_new: on port 34560, proto 6
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: entered: Creating a
whole new ssl connection
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: looking up socket
based TLS server domain [10.10.10.10:443]
Feb 27 15:22:39 [26842] DBG:tls_mgm:tls_find_server_domain: virtual TLS
server domain not found, Using default TLS server domain settings
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: found socket based TLS
server domain [0.0.0.0:0]
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: Setting in ACCEPT mode
(server)
Feb 27 15:22:39 [26842] DBG:core:tcpconn_add: hashes: 607, 660
Feb 27 15:22:39 [26842] DBG:core:handle_new_connect: new connection:
0x7fd6a55d8240 49 flags: 001c
Feb 27 15:22:39 [26842] DBG:core:send2child: to tcp child 0 (26839),
0x7fd6a55d8240 rw 1
Feb 27 15:22:39 [26839] DBG:core:handle_io: We have received conn
0x7fd6a55d8240 with rw 1 on fd 5
Feb 27 15:22:39 [26839] DBG:core:io_watch_add: [TCP_worker] io_watch_add op
(5 on 46) (0x563321968480, 5, 19, 0x7fd6a55d8240,1), fd_no=4/1024
Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: Using the global
( per process ) buff
Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: ws_read end
Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
Feb 27 15:22:39 [26839] ERROR:proto_wss:tls_accept: New TLS connection from
192.168.100.100:34560 failed to accept
Feb 27 15:22:39 [26839] ERROR:proto_wss:wss_read_req: cannot fix read
connection
Feb 27 15:22:39 [26839] DBG:core:io_watch_del: [TCP_worker] io_watch_del op
on index 0 5 (0x563321968480, 5, 0, 0x10,0x3) fd_no=5 called
Feb 27 15:22:39 [26839] DBG:core:tcpconn_release:  releasing con
0x7fd6a55d8240, state -2, fd=-1, id=1151231636
Feb 27 15:22:39 [26839] DBG:core:tcpconn_release:  extra_data 0x7fd6a55d8438
Feb 27 15:22:39 [26842] DBG:core:handle_tcp_worker: response= 7fd6a55d8240,
-2 from tcp worker 26839 (0)
Feb 27 15:22:39 [26842] DBG:core:tcpconn_destroy: destroying connection
0x7fd6a55d8240, flags 001c
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_clean: entered
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_update_fd: New fd is 49



I have tried to test my installation with openssl client and I think it has
an issue with the setup because there is an error message.

➜ openssl s_client -connect testserver.example.net:443
CONNECTED(0005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = testserver.example.net
verify return:1
4499986028:error:14020410:SSL routines:CONNECT_CR_SESSION_TICKET:sslv3
alert handshake
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.230.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL
alert number 40
4499986028:error:140200E5:SSL routines:CONNECT_CR_SESSION_TICKET:ssl
handshake
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.230.1/libressl-2.6/ssl/ssl_pkt.c:585:
---
Certificate chain
 0 s:/CN=testserver.example.net
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-BEGIN CERTIFICATE-
MIIFYjCCBEqgAwIBAgISAyIztk4mccb0A0k9XLOtFkGXMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAyMTIwOTU4MTRaFw0x
OTA1MTMwOTU4MTRaMB8xHTAbBgNVBAMTFHNpcDMtdjIuYnVsdXRmb24ubmV0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DSkfcRZcjjhsyrnH6i/xmM2
7q9GfkPopmj8+RzJemdqSK7fSsGodSZznsYDn+b+u9AhYwr01WS0HPeag3kEMA+S
Bn8cu1s/osa9Jipj4BnkPhU14T4/9x/Tvurt8v1BdS6uYLqFInV1LnGfTp7XhlRY
uF+SRve0vxtXOPtokS68xvjVRrWI4UNR+S+neDvZqsDQQ6q2hcdQ1aRoEt0wbKO+

Re: [OpenSIPS-Users] opensips behind firewall.

[OpenSIPS-Users] lb_list shows an incorrect load in load balancer

Re: [OpenSIPS-Users] opensips behind firewall.

[OpenSIPS-Users] opensips version2.4.4 tls_mgm

[OpenSIPS-Users] SDP manipulation & rtpengine

[OpenSIPS-Users] opensips behind firewall.

[OpenSIPS-Users] OpenSIPs Load_balancer cluster count

[OpenSIPS-Users] TLS issue with WSS

8 matches

Site Navigation

Mail list logo

Footer information