Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[jacky z]

Hi Bogdan-Andrei,

I checked the mariadb documentation and found mariadb has two options to
set ssl connection: two-way TSL and one-way TSL. It seems AWS RDS only
supports one-way TSL, that is, TSL is used without a client cert. Does
OPENSIPS support such one-way TSL to connect a database? Thanks!

On Wed, Sep 14, 2022 at 12:06 AM jacky z  wrote:

> Hi Bogdan-Andrei,
>
> I have set the "certificate" and "private_key" in my script, as I
> explained in method 1. However, AWS RDS doesn't support a client cert.
> Please refer to
>
> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>
> Is there any workaround to use the public cert list provided by AWS?
> Anyone has successfully used RDS with SSL connections? Thanks!
>
> On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Set the certificate and key you have in the tls_mgm module, for the
>> "certificate" and "private_key" parameters.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/13/22 2:57 PM, jacky z wrote:
>>
>> Hi Bogdan-Andrei,
>>
>> I tried two methods.
>>
>> Method 1:
>>
>> #enabled TLS connection:
>> modparam("db_mysql", "use_tls", 1)
>>
>> #setup a client domain:
>> modparam("tls_mgm", "client_domain", "dom1")
>> modparam("tls_mgm", "match_ip_address", "[dom1]*")
>> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
>> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
>> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
>> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
>> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
>> modparam("tls_mgm","verify_cert", "[dom1]0")
>> modparam("tls_mgm","require_cert", "[dom1]0")
>> # set db_url
>> modparam("usrloc", "db_url", "mysql://root:1234@
>> /opensips?tls_domain=dom1")
>> ...
>>
>> I couldn't figure out how to use global-bundle.pem AWS provided with this
>> method. No luck to get a connection with RDS. If I don't use ssl, opensips
>> can connect to RDS without encryption.
>>
>> Method 2:
>>
>> I tried
>>
>> modparam("usrloc", "db_url", "mysql://root:1234@
>> /opensips?ssl=true&
>> ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>>
>> to include the AWS cert. Still no luck.
>>
>> Thanks!
>>
>> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi,
>>>
>>> sorry for my silly question, but how do you connect from the OpenSIPS
>>> side ??
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/13/22 10:41 AM, jacky z wrote:
>>>
>>> Hi Team,
>>>
>>> We hope to connect to aws RDS database with ssl encryption. We have
>>> setup a client domain according to OPENSIPS documents. However, AWS RDS
>>> does not support client cert as someone has confirmed with AWS
>>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>>
>>> Is there any way to use the cert provided by AWS to connect? AWS
>>> provides a global-bundle.pem (
>>> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
>>> for such a connection, but we don't know how to include it in the config
>>> file.
>>>
>>> Thanks
>>>
>>> Jacky z
>>>
>>> ___
>>> Users mailing 
>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] unsubscribe

[Anand Gupta]

unsubscribe

On Tue, Sep 13, 2022 at 3:58 AM Bogdan-Andrei Iancu 
wrote:

> Hi Yury,
>
> it looks like you some multiple issues, overlapping here. The traps you
> sent here have nothing to do with the auto-scaling, but with a blocking TCP
> connect for SIP - most of the procs get blocked into a sync TCP connect.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/12/22 4:39 PM, Yury Kirsanov wrote:
>
> Hi Bogdan,
> I've applied the patch (had to find where to apply it manually for 3.2.8
> downloaded from Web page, line 1568 instead of 1652) and restarted the
> server with only about 300-350 SIP devices and immediately got into same
> issue. I'm attaching two GDB dumps made within several minutes from each
> other. Autoscale was now OFF, please see my previous message as currently
> for some reason I'm experiencing lockups even when it's off :(
>
>
> Best regards,
> Yury.
>
> On Mon, Sep 12, 2022 at 7:48 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Yuri,
>>
>> Could you give this patch a try? it should fix the blocking you
>> experience (it should apply on 3.2 too).
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/7/22 2:54 PM, Bogdan-Andrei Iancu wrote:
>>
>> Hi Yury,
>>
>> Thanks for the details info here - let me do a review of some code and
>> run some tests, as at this point I have a good idea on the direction to dig
>> into.
>>
>> I will update here.
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/6/22 11:24 AM, Yury Kirsanov wrote:
>>
>> Hi Bogdan,
>> Yes, I'm listening on all types of sockets including UDP, TCP and TLS on
>> the outside public interface and then forward traffic into internal LAN via
>> UDP only.
>>
>> Previously it was getting stuck quite easily, now I had to wait for a
>> while before this actually happened. I've routed part of my customers to
>> this server to obtain this result so I will have to do that again.
>>
>> As soon as I see one of the processes stuck I'll dot the trap command and
>> send you all the details including processes load, ps output and so on.
>>
>> For now I had to switch autoscaling off and just create many listeners.
>> Do I understand correctly that I need to restart OpenSIPS in order to apply
>> autoscaling profiles and reload-routes is not sufficient?
>>
>> Also, do I need separate UDP profiles for public and private interfaces?
>> And do I need to apply autoscaling profile just to a socket or I need to
>> specify udp or tcp_workers with autoscaler too?
>>
>> Thanks and best regards,
>> Yury.
>>
>> On Tue, 6 Sept 2022, 18:18 Bogdan-Andrei Iancu, 
>> wrote:
>>
>>> Hi Yury,
>>>
>>> Thanks for the info. I see that the stuck process (24) is an
>>> auto-scalled one (based on its id). Do you have SIP traffic from UDP to TCP
>>> or doing some HEP capturing for SIP ? I saw a recent similar report where a
>>> UDP auto-scalled worked got stuck when trying to do some communication with
>>> the TCP main/manager process (in order to handle a TCP operation).
>>>
>>> BTW, any chance to do a "opensips-cli -x trap" when you have that stuck
>>> process, just to see where is it stuck? and is it hard to reproduce? as I
>>> may ask you to extract some information from the running process
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/3/22 6:54 PM, Yury Kirsanov wrote:
>>>
>>
>>
>> ___
>> Users mailing 
>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[jacky z]

Hi Bogdan-Andrei,

I have set the "certificate" and "private_key" in my script, as I explained
in method 1. However, AWS RDS doesn't support a client cert. Please refer to
https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws

Is there any workaround to use the public cert list provided by AWS? Anyone
has successfully used RDS with SSL connections? Thanks!

On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu 
wrote:

> Set the certificate and key you have in the tls_mgm module, for the
> "certificate" and "private_key" parameters.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/13/22 2:57 PM, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> I tried two methods.
>
> Method 1:
>
> #enabled TLS connection:
> modparam("db_mysql", "use_tls", 1)
>
> #setup a client domain:
> modparam("tls_mgm", "client_domain", "dom1")
> modparam("tls_mgm", "match_ip_address", "[dom1]*")
> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
> modparam("tls_mgm","verify_cert", "[dom1]0")
> modparam("tls_mgm","require_cert", "[dom1]0")
> # set db_url
> modparam("usrloc", "db_url", "mysql://root:1234@
> /opensips?tls_domain=dom1")
> ...
>
> I couldn't figure out how to use global-bundle.pem AWS provided with this
> method. No luck to get a connection with RDS. If I don't use ssl, opensips
> can connect to RDS without encryption.
>
> Method 2:
>
> I tried
>
> modparam("usrloc", "db_url", "mysql://root:1234@
> /opensips?ssl=true&
> ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>
> to include the AWS cert. Still no luck.
>
> Thanks!
>
> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi,
>>
>> sorry for my silly question, but how do you connect from the OpenSIPS
>> side ??
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/13/22 10:41 AM, jacky z wrote:
>>
>> Hi Team,
>>
>> We hope to connect to aws RDS database with ssl encryption. We have setup
>> a client domain according to OPENSIPS documents. However, AWS RDS does not
>> support client cert as someone has confirmed with AWS
>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>
>> Is there any way to use the cert provided by AWS to connect? AWS provides
>> a global-bundle.pem (
>> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
>> for such a connection, but we don't know how to include it in the config
>> file.
>>
>> Thanks
>>
>> Jacky z
>>
>> ___
>> Users mailing 
>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] proto_smpp questions

[Aleksandar Lolic]

Hi,



I have couple questions related to proto_smpp:



   1. Does proto_smpp support long message segmentation and concatenation
   (UDH and/or TLV).
   2. Multilanguage support in proto_smpp
   3. Support for SMPP over TLS.



Thank you

Aleksandar

-- 


NOTE: This email message and
any attachments are for the sole use of the 
intended recipient(s) and may
contain confidential and/or privileged 
information. Any unauthorized review,
use, disclosure or distribution is 
prohibited. If you are not the intended recipient,
please contact the 
sender by replying to this email, and destroy all copies of
the original 
message.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Load_Balancing

[Vadim Dumalekov via Users]

Hello!

Thanks! But I stayed with the LB-module and CacheDB-local. It works well!


Best regards!

 
> 9 сент. 2022 г., в 15:32, David Villasmil  
> написал(а):
> 
> Agreed, just go with dispatcher (I usually do random, which distributes the 
> calls pretty well)
> 
> On Fri, 9 Sep 2022 at 12:00, Bogdan-Andrei Iancu  > wrote:
> Vadim,
> 
> The 2 INVITE requests are not part of the same dialog, so you cannot use 
> dlg_val's - each initial INVITE is creating a different dialog.
> 
> Now, if you really want, you can rely on the fact that the 2 INVITEs 
> have the same call-id and and use the cachedb_local to remember which 
> Ast box handled the first INVITE. But this somehow will invalidate the 
> whole idea of balancing calls.
> 
> Regards,
> 
> Bogdan-Andrei Iancu
> 
> OpenSIPS Founder and Developer
>https://www.opensips-solutions.com 
> OpenSIPS Summit 27-30 Sept 2022, Athens
>https://www.opensips.org/events/Summit-2022Athens/ 
> 
> 
> On 9/9/22 10:44 AM, Vadim Dumalekov wrote:
> > Thanks!
> >
> > I have one more question. Why can't the dlg_val be set in this case.
> > This variable (dlg_val) is not passed to the second INVITE, although it is 
> > a SIP Dialog (INVITE -> 401 -> ACK -> INVITE ...)
> >
> >
> >> 9 сент. 2022 г., в 9:14, Bogdan-Andrei Iancu  >> > написал(а):
> >>
> >> Hi,
> >>
> >> Considering the fact that Ast_2 cannot perform auth on a challenge done by 
> >> Ast_1, you should re-consider the routing logic in OpenSIPS, and not to 
> >> use LB, but rather dispatcher with hashing over call-id for example.
> >>
> >> Regards,
> >>
> >> Bogdan-Andrei Iancu
> >>
> >> OpenSIPS Founder and Developer
> >>   https://www.opensips-solutions.com 
> >> OpenSIPS Summit 27-30 Sept 2022, Athens
> >>   https://www.opensips.org/events/Summit-2022Athens/ 
> >> 
> >>
> >> On 9/8/22 1:43 PM, Vadim Dumalekov via Users wrote:
> >>> Thank you for the answer!
> >>>
> >>> Yes, of cource. But there is this situation:
> >>>
> >>> UAC (INVITE w/o auth)  ->  OpenSIPS (LB: Ast_1)  ->  Ast_1 (401 Unauth)
> >>> UAC (INVITE with auth)  ->  OpenSIPS (LB: Ast_2)  ->  Ast_2 (401 Unauth)
> >>>
> >>> ... etc, until LB selects the same Asterisk for two INVITE`s (w/o auth 
> >>> and with auth).
> >>>
> >>>
> >>> Vadim
> >>>
>  8 сент. 2022 г., в 12:16, Bogdan-Andrei Iancu   > написал(а):
> 
>  Hi Vadim,
> 
>  If you have a cluster of ASterisk servers, each box from the cluster 
>  should be able to handle the auth response, even if the challenge was 
>  done by a different one. Otherwise it is not a cluster, but a bunch of 
>  servers.
> 
>  Regards,
> 
>  Bogdan-Andrei Iancu
> 
>  OpenSIPS Founder and Developer
>    https://www.opensips-solutions.com 
>  
>  OpenSIPS Summit 27-30 Sept 2022, Athens
>    https://www.opensips.org/events/Summit-2022Athens/ 
>  
> 
>  On 9/7/22 3:52 PM, Vadim Dumalekov via Users wrote:
> > Hello!
> >
> > Please help me. I'm using the Load_Balancer module for the incoming 
> > calls to an Asterisk cluster. When an INVITE is sent to one of the 
> > Asterisks, we receive the "401 Unauthorized" message from that server. 
> > But when UAC sends the INVITE with the authorization, the LB-module 
> > sends it to another Asterisk. Sometimes it happens multiple times.
> >
> >
> > Thanks in advance!
> >
> > Vadim.
> >
> >
> > ___
> > Users mailing list
> > Users@lists.opensips.org 
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
> > 
>  ___
>  Users mailing list
>  Users@lists.opensips.org 
>  http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
>  
> >>> ___
> >>> Users mailing list
> >>> Users@lists.opensips.org 
> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
> >>> 
> 
> 
> ___
> Users mailing list
> Users@lists.opensips.org 
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
> 
> -- 
> Regards,
> 
> David Villasmil
> email: david.villasmil.w...@gmail.com 
> phone: 

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[Bogdan-Andrei Iancu]

Set the certificate and key you have in the tls_mgm module, for the 
"certificate" and "private_key" parameters.


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/13/22 2:57 PM, jacky z wrote:

Hi Bogdan-Andrei,

I tried two methods.

Method 1:

#enabled TLS connection:
modparam("db_mysql", "use_tls", 1)

#setup a client domain:
modparam("tls_mgm", "client_domain", "dom1")
modparam("tls_mgm", "match_ip_address", "[dom1]*")
modparam("tls_mgm", "match_sip_domain", "[dom1]*")
modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","tls_method", "[dom1]SSLv23")
modparam("tls_mgm","verify_cert", "[dom1]0")
modparam("tls_mgm","require_cert", "[dom1]0")
# set db_url
modparam("usrloc", "db_url", 
"mysql://root:1234@/opensips?tls_domain=dom1")

...

I couldn't figure out how to use global-bundle.pem AWS provided with 
this method. No luck to get a connection with RDS. If I don't use ssl, 
opensips can connect to RDS without encryption.


Method 2:

I tried

modparam("usrloc", "db_url", 
"mysql://root:1234@/opensips?ssl=true_ca_certs=/etc/ssl/certs/global-bundle.pem")


to include the AWS cert. Still no luck.

Thanks!

On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
mailto:bog...@opensips.org>> wrote:


Hi,

sorry for my silly question, but how do you connect from the
OpenSIPS side ??

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  


On 9/13/22 10:41 AM, jacky z wrote:

Hi Team,

We hope to connect to aws RDS database with ssl encryption. We
have setup a client domain according to OPENSIPS documents.
However, AWS RDS does not support client cert as someone has
confirmed with AWS

https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws



Is there any way to use the cert provided by AWS to connect? AWS
provides a global-bundle.pem

(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

)
for such a connection, but we don't know how to include it in the
config file.

Thanks

Jacky z

___
Users mailing list
Users@lists.opensips.org  
http://lists.opensips.org/cgi-bin/mailman/listinfo/users  





___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Opensips CP Permissions "RELOAD on SERVER" produces error

[Bogdan-Andrei Iancu]

Be sure you have in the opensips.cfg file the
    loadmodule "permissions.so"
line

PS: and please post to the list, not privately ;)

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/13/22 3:31 PM, mtck01 wrote:


Hello, I am very new to OpenSIPS and have the same error.   I looked 
everywhere but am still confused.  I installed all the modules but how 
do I ‘load’ the permissions module..?


Regards,

Martin

Bogdan-Andrei Iancu 
Wed, 
21 Jul 2021 23:59:41 -0700 



Hi Jeff,

Are you sure the OpenSIPS (your CP is connected to ) has the 
permissions module loaded ?


Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com 
OpenSIPS Bootcamp 2021 online
https://opensips.org/training/OpenSIPS_eBootcamp_2021/ 


On 7/21/21 4:17 PM, Jeff Wilkie wrote:
Opensips 3.1.2
CP 8.3.1
Debian 10

When adding permissions, I hit "Reload on Server" but I get 
the following error:


Sending to*json:127.0.0.1:/mi >*:MI command failed with code -32601 
(Method not found)


I

I don't get this error on any other page but this one 
when attempting to "Reload on Server".  Is there something 
specifically wrong with this page and how it uses the MI command 
structure?  Again, All other pages that use the "Reload on Server" 
give a 200ok and work as expected.


Thanks,
Jeff
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 





___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[jacky z]

Hi Bogdan-Andrei,

I tried two methods.

Method 1:

#enabled TLS connection:
modparam("db_mysql", "use_tls", 1)

#setup a client domain:
modparam("tls_mgm", "client_domain", "dom1")
modparam("tls_mgm", "match_ip_address", "[dom1]*")
modparam("tls_mgm", "match_sip_domain", "[dom1]*")
modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","tls_method", "[dom1]SSLv23")
modparam("tls_mgm","verify_cert", "[dom1]0")
modparam("tls_mgm","require_cert", "[dom1]0")
# set db_url
modparam("usrloc", "db_url", "mysql://root:1234@
/opensips?tls_domain=dom1")
...

I couldn't figure out how to use global-bundle.pem AWS provided with this
method. No luck to get a connection with RDS. If I don't use ssl, opensips
can connect to RDS without encryption.

Method 2:

I tried

modparam("usrloc", "db_url", "mysql://root:1234@
/opensips?ssl=true&
ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")

to include the AWS cert. Still no luck.

Thanks!

On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
wrote:

> Hi,
>
> sorry for my silly question, but how do you connect from the OpenSIPS side
> ??
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/13/22 10:41 AM, jacky z wrote:
>
> Hi Team,
>
> We hope to connect to aws RDS database with ssl encryption. We have setup
> a client domain according to OPENSIPS documents. However, AWS RDS does not
> support client cert as someone has confirmed with AWS
> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>
> Is there any way to use the cert provided by AWS to connect? AWS provides
> a global-bundle.pem (
> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
> for such a connection, but we don't know how to include it in the config
> file.
>
> Thanks
>
> Jacky z
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Autoscaler in 3.2.x

[Yury Kirsanov]

Hi Bogdan,
Thanks for this update, but it looks like I can't check autoscaler because
of this first issue with blocking TCP connect. Is there a way to resolve
it? Am I doing something wrong? Or is that something to do with OpenSIPS
code? As yes, you're right, as soon as I restart OpenSIPS having a lot of
SIP devices trying to connect to it - it goes crazy, starts to consume
memory and stops to forward packets sitting there at 100% load until it
runs out of memory and segfaults. Sometimes I can't even restart it to come
to normal state to make it work, it just loops into same crash whatever I
try to do.

I've compiled OpenSIPS 3.3.1 with your patch and was able to start it but
not sure, maybe I was just lucky this time.

What should I do? Thanks!

Best regards,
Yury.

On Tue, 13 Sept 2022, 18:56 Bogdan-Andrei Iancu, 
wrote:

> Hi Yury,
>
> it looks like you some multiple issues, overlapping here. The traps you
> sent here have nothing to do with the auto-scaling, but with a blocking TCP
> connect for SIP - most of the procs get blocked into a sync TCP connect.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/12/22 4:39 PM, Yury Kirsanov wrote:
>
> Hi Bogdan,
> I've applied the patch (had to find where to apply it manually for 3.2.8
> downloaded from Web page, line 1568 instead of 1652) and restarted the
> server with only about 300-350 SIP devices and immediately got into same
> issue. I'm attaching two GDB dumps made within several minutes from each
> other. Autoscale was now OFF, please see my previous message as currently
> for some reason I'm experiencing lockups even when it's off :(
>
>
> Best regards,
> Yury.
>
> On Mon, Sep 12, 2022 at 7:48 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Yuri,
>>
>> Could you give this patch a try? it should fix the blocking you
>> experience (it should apply on 3.2 too).
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/7/22 2:54 PM, Bogdan-Andrei Iancu wrote:
>>
>> Hi Yury,
>>
>> Thanks for the details info here - let me do a review of some code and
>> run some tests, as at this point I have a good idea on the direction to dig
>> into.
>>
>> I will update here.
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/6/22 11:24 AM, Yury Kirsanov wrote:
>>
>> Hi Bogdan,
>> Yes, I'm listening on all types of sockets including UDP, TCP and TLS on
>> the outside public interface and then forward traffic into internal LAN via
>> UDP only.
>>
>> Previously it was getting stuck quite easily, now I had to wait for a
>> while before this actually happened. I've routed part of my customers to
>> this server to obtain this result so I will have to do that again.
>>
>> As soon as I see one of the processes stuck I'll dot the trap command and
>> send you all the details including processes load, ps output and so on.
>>
>> For now I had to switch autoscaling off and just create many listeners.
>> Do I understand correctly that I need to restart OpenSIPS in order to apply
>> autoscaling profiles and reload-routes is not sufficient?
>>
>> Also, do I need separate UDP profiles for public and private interfaces?
>> And do I need to apply autoscaling profile just to a socket or I need to
>> specify udp or tcp_workers with autoscaler too?
>>
>> Thanks and best regards,
>> Yury.
>>
>> On Tue, 6 Sept 2022, 18:18 Bogdan-Andrei Iancu, 
>> wrote:
>>
>>> Hi Yury,
>>>
>>> Thanks for the info. I see that the stuck process (24) is an
>>> auto-scalled one (based on its id). Do you have SIP traffic from UDP to TCP
>>> or doing some HEP capturing for SIP ? I saw a recent similar report where a
>>> UDP auto-scalled worked got stuck when trying to do some communication with
>>> the TCP main/manager process (in order to handle a TCP operation).
>>>
>>> BTW, any chance to do a "opensips-cli -x trap" when you have that stuck
>>> process, just to see where is it stuck? and is it hard to reproduce? as I
>>> may ask you to extract some information from the running process
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/3/22 6:54 PM, Yury Kirsanov wrote:
>>>
>>
>>
>> ___
>> Users mailing 
>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
___
Users mailing list

Re: [OpenSIPS-Users] Autoscaler in 3.2.x

[Bogdan-Andrei Iancu]

Hi Yury,

it looks like you some multiple issues, overlapping here. The traps you 
sent here have nothing to do with the auto-scaling, but with a blocking 
TCP connect for SIP - most of the procs get blocked into a sync TCP connect.


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/12/22 4:39 PM, Yury Kirsanov wrote:

Hi Bogdan,
I've applied the patch (had to find where to apply it manually for 
3.2.8 downloaded from Web page, line 1568 instead of 1652) and 
restarted the server with only about 300-350 SIP devices and 
immediately got into same issue. I'm attaching two GDB dumps made 
within several minutes from each other. Autoscale was now OFF, please 
see my previous message as currently for some reason I'm experiencing 
lockups even when it's off :(



Best regards,
Yury.

On Mon, Sep 12, 2022 at 7:48 PM Bogdan-Andrei Iancu 
mailto:bog...@opensips.org>> wrote:


Hi Yuri,

Could you give this patch a try? it should fix the blocking you
experience (it should apply on 3.2 too).

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  


On 9/7/22 2:54 PM, Bogdan-Andrei Iancu wrote:

Hi Yury,

Thanks for the details info here - let me do a review of some
code and run some tests, as at this point I have a good idea on
the direction to dig into.

I will update here.

Best regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  

On 9/6/22 11:24 AM, Yury Kirsanov wrote:

Hi Bogdan,
Yes, I'm listening on all types of sockets including UDP, TCP
and TLS on the outside public interface and then forward traffic
into internal LAN via UDP only.

Previously it was getting stuck quite easily, now I had to wait
for a while before this actually happened. I've routed part of
my customers to this server to obtain this result so I will have
to do that again.

As soon as I see one of the processes stuck I'll dot the trap
command and send you all the details including processes load,
ps output and so on.

For now I had to switch autoscaling off and just create many
listeners. Do I understand correctly that I need to restart
OpenSIPS in order to apply autoscaling profiles and
reload-routes is not sufficient?

Also, do I need separate UDP profiles for public and private
interfaces? And do I need to apply autoscaling profile just to a
socket or I need to specify udp or tcp_workers with autoscaler too?

Thanks and best regards,
Yury.

On Tue, 6 Sept 2022, 18:18 Bogdan-Andrei Iancu,
mailto:bog...@opensips.org>> wrote:

Hi Yury,

Thanks for the info. I see that the stuck process (24) is an
auto-scalled one (based on its id). Do you have SIP traffic
from UDP to TCP or doing some HEP capturing for SIP ? I saw
a recent similar report where a UDP auto-scalled worked got
stuck when trying to do some communication with the TCP
main/manager process (in order to handle a TCP operation).

BTW, any chance to do a "opensips-cli -x trap" when you have
that stuck process, just to see where is it stuck? and is it
hard to reproduce? as I may ask you to extract some
information from the running process

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  

OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  


On 9/3/22 6:54 PM, Yury Kirsanov wrote:




___
Users mailing list
Users@lists.opensips.org  
http://lists.opensips.org/cgi-bin/mailman/listinfo/users  





___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] sl question.

[johan]

I have put my opensips.cfg to abolute bare metal and do the needed
manips in sipp.

route{
    # ASYNC PROCESSING => opensips handles it
    if (is_method("OPTIONS|NOTIFY|SUBSCRIBE")) {
    send_reply(200,"OK");
    drop();
    }
    
    if ($sp==IADPORT)   
    {
    xlog("from iad sp==$sp==IADPORT, we rewrite to sipp listening
port SIPPPORT and we forward to SIPPIP");
    forward("SIPPIP:SIPPPORT");
   
    }
    else if ($sp==SIPPPORT)
    {
    xlog("from sipp sp==$sp==SIPPPORT, we rewrite to iad listening
port IADPORT and we forward to IADIP");
    forward("IADIP:IADPORT");
    }
    else
    {
    xlog("sp==$sp!=[IADPORT,SIPPPORT], we drop the packet");
    drop();
    }
}

This works, so you can forget about this. 

On 12/09/2022 17:03, johan wrote:
>
> so the question is how can I do a forward message to an ip port
> without opensips rewriting the uri of ACK in stateless mode ? 
>
> On 12/09/2022 16:55, johan wrote:
>>
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_msg: SIP Request:
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_msg:  method:  
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_msg:  uri:
>> 
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_msg:  version: 
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_headers: flags=
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_via_param: found param type 232,  =
>> ; state=16
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_via: end of header reached, state=5
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_headers: via found, flags=
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_headers: this is the first via
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_to_param: tag=4SpHB6a416Ucg
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_to_param: end of header reached, state=13
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:_parse_to: end of header reached, state=29
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:_parse_to: display={sut},
>> ruri={sip:+32478720104@192.168.68.120:5060}
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:get_hdr_field:  [62];
>> uri=[sip:+32478720104@192.168.68.120:5060]
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:get_hdr_field: to body [sut
>> ]
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:get_hdr_field: cseq : <1> 
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:get_hdr_field: content_length=0
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:get_hdr_field: found end of header
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:receive_msg: After parse_msg...
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:receive_msg: preparing to run routing scripts...
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:sl:sl_filter_ACK: too late to be a local ACK!
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:comp_scriptvar: int 20: 5062 / 5060
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:comp_scriptvar: int 20: 5062 / 5062
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: from sipp
>> sp==5062==5062, we rewrite to iad listening port 5060 and we forward
>> to 185.58.97.161
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_to_param: tag=1
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_to_param: end of header reached, state=11
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:_parse_to: end of header reached, state=29
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:_parse_to: display={sipp}, ruri={sip:sipp@192.168.68.120:5062}
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:uac:w_replace_from: dsp=0x7ffe38fec2d8 (len=0) ,
>> uri=0x7ffe38fec2f0 (len=41)
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> ERROR:uac:replace_uri: decline FROM/TO replacing in sequential
>> request in auto mode (has TO tag)
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> ERROR:uac:replace_uri: decline FROM/TO replacing in sequential
>> request in auto mode (has TO tag)
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:MD5StringArray: MD5 calculated: 100352e3496e8c8bc067bbd48b3fff67
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_headers: flags=60
>> Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]:
>> DBG:core:parse_headers: flags=
>> Sep 12 10:45:38 

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[Bogdan-Andrei Iancu]

Hi,

sorry for my silly question, but how do you connect from the OpenSIPS 
side ??


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/13/22 10:41 AM, jacky z wrote:

Hi Team,

We hope to connect to aws RDS database with ssl encryption. We have 
setup a client domain according to OPENSIPS documents. However, AWS 
RDS does not support client cert as someone has confirmed with AWS 
https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws 



Is there any way to use the cert provided by AWS to connect? AWS 
provides a global-bundle.pem 
(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html 
) 
for such a connection, but we don't know how to include it in the 
config file.


Thanks

Jacky z

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Using use_next_gw with partitions

[Bogdan-Andrei Iancu]

On the second question: you cannot exclude. The only options are (1) use 
one partition or (2) use all partitions.


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/11/22 12:36 AM, Marcin Groszek wrote:

drouting module:

use_next_gw() does not allow for wildcard in partition

How do I get a partition name to be used in use_next_gw() if first 
gateway fails?


Perhaps I should be little more specific. opensips version 3.1.5

multiple partitions, wild card is used in do_routing() but if specify 
gateway fails then I am unable to use use_next_gw() without knowing 
name of the partition. Is there a var that I can pull when 1st gateway 
fails to be used in use_next_gw(,,,"$avp(partition_name)")  ?


second question, how can I exclude partitions from wildcard in 
do_routing(), for now we use groupid do distinguish between routes. 
Can wild card such  "cus*" or "carrier*" be used as a wildcard, where  
partition names would be cus_1, cus_2, cus3...carrier_1, carrier_2...


Wen we send the call to carrier I wish to search only "carrier*", if 
possible.






___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] sl question.

[Bogdan-Andrei Iancu]

Well, use $du to the destination of the ACK, instead of $ru.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/12/22 6:03 PM, johan wrote:


so the question is how can I do a forward message to an ip port 
without opensips rewriting the uri of ACK in stateless mode ?


On 12/09/2022 16:55, johan wrote:


Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_msg: SIP Request:
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_msg:  method:  
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_msg:  uri: 

Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_msg:  version: 
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_headers: flags=
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_via_param: found param type 232,  = 
; state=16
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_via: end of header reached, state=5
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_headers: via found, flags=
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_headers: this is the first via
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_to_param: tag=4SpHB6a416Ucg
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_to_param: end of header reached, state=13
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:_parse_to: end of header reached, state=29
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:_parse_to: display={sut}, 
ruri={sip:+32478720104@192.168.68.120:5060}
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:get_hdr_field:  [62]; 
uri=[sip:+32478720104@192.168.68.120:5060]
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:get_hdr_field: to body [sut 
]
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:get_hdr_field: cseq : <1> 
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:get_hdr_field: content_length=0
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:get_hdr_field: found end of header
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:receive_msg: After parse_msg...
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:receive_msg: preparing to run routing scripts...
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:sl:sl_filter_ACK: too late to be a local ACK!
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:comp_scriptvar: int 20: 5062 / 5060
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:comp_scriptvar: int 20: 5062 / 5062
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: from sipp 
sp==5062==5062, we rewrite to iad listening port 5060 and we forward 
to 185.58.97.161
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_to_param: tag=1
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_to_param: end of header reached, state=11
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:_parse_to: end of header reached, state=29
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:_parse_to: display={sipp}, ruri={sip:sipp@192.168.68.120:5062}
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:uac:w_replace_from: dsp=0x7ffe38fec2d8 (len=0) , 
uri=0x7ffe38fec2f0 (len=41)
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
ERROR:uac:replace_uri: decline FROM/TO replacing in sequential 
request in auto mode (has TO tag)
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
ERROR:uac:replace_uri: decline FROM/TO replacing in sequential 
request in auto mode (has TO tag)
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:MD5StringArray: MD5 calculated: 100352e3496e8c8bc067bbd48b3fff67
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_headers: flags=60
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:parse_headers: flags=
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:forward_request: sending:#012ACK 
sip:+32478720104@x.y.z.t:*5060*;transport=udp;alias=x.y.z.t~11000~1 SIP>
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:forward_request: orig. len=419, new_len=510, proto=1
Sep 12 10:45:38 sipp /data/opensips/sbin/opensips[1684]: 
DBG:core:destroy_avp_list: destroying list 0x7f9d4b464ae8



On 12/09/2022 16:24, johan wrote:

Hi,

setup : opensips acts as a client of a remote server (i.e. opensips
registers itself towards a provider) and handles the OPTIONS being
sent.   On the same pc I have a sipp instance that generates traffic.

hence


provider <- udp 5060 -> opensips <-udp 5062-> sipp


The issue 

[OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[jacky z]

Hi Team,

We hope to connect to aws RDS database with ssl encryption. We have setup a
client domain according to OPENSIPS documents. However, AWS RDS does not
support client cert as someone has confirmed with AWS
https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws

Is there any way to use the cert provided by AWS to connect? AWS provides a
global-bundle.pem (
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
for such a connection, but we don't know how to include it in the config
file.

Thanks

Jacky z
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users