Re: [OpenSIPS-Users] Opensips 3.2.8 does not send message with opensips-cli command

2022-09-29 Thread jacky z
Also tried version 3.2.2. The same issue. The existing TCP connection can't
be found when there is a Message request, either from msilo dump or
opensips-cli command. A message sent directly is normal when the receiver
side registers with a living TCP socket. Guess this would also affect other
behavior where an existing TCP connection needs to be found. From the log,
the connection ID is zero. Very strange behavior. I would like to debug,
but not familiar with the source code structure. For example how a TCP
connection is looked for and which file handles this. Guess it is not
difficult to fix, hope the Opensips team can help. Thank you!

On Tue, Sep 27, 2022 at 10:56 PM jacky z  wrote:

> Who can help on this? It is difficult to understand why the live tcp
> connection can't be found with opensips 3.2. It works well with opensips
> 3.1. Thanks!
>
> On Mon, Sep 26, 2022 at 3:54 PM jacky z  wrote:
>
>> Hi Team,
>>
>> We use MI command to send messages to a user successfully with opensips
>> 3.1, but after we upgraded to 3.2.8, the message can't be sent with
>> opensips-cli command.
>>
>> We compared the logs and found that when the command was run on 3.2.8,
>> the tcp connection couldn't be found though we can confirm there was a tcp
>> connection. Another strange behavior is that it did not lookup the location
>> table for the ruri and it seems the message route was not called. On 3.2.8,
>> if we specify the ruri in the command with the actual ip address and port
>> we manually found in the location table, the message can be sent. We also
>> found the msilo module can't send messages on 3.2.8 but it works well on
>> 3.1.
>>
>> Here is the command we used:
>>
>> opensips-cli -x mi t_uac_dlg method=MESSAGE
>> ruri="sip:12...@sip.domain.com:5061;transport=TLS" headers="From:
>> sip:6...@sip.domain.com:5061;transport=tls\r\nTo:
>> sip:12...@sip.domain.com:5061;transport=TLS\r\nContact:
>> sip:6...@sip.domain.com:5061;transport=tls\r\nContent-Type:
>> text/plain\r\n" body="this is a message"
>>
>> Here are the logs on 3.1 and 3.2.8 respectively,
>>
>> Logs for OPENSIPS 3.2
>>
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: SIP Request:
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  method:  
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  uri:
>>  
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  version: 
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
>> flags=
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via_param: found param
>> type 232,  = ; state=16
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via: end of header
>> reached, state=5
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: via found,
>> flags=
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: this is the first
>> via
>> Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: end of header
>> reached, state=9
>> Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: display={}, ruri={
>> sip:6989229...@sip.domain.com:5061}
>> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field:  [37]; uri=[
>> sip:6989229...@sip.domain.com:5061]
>> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: to body [
>> sip:6989229...@sip.domain.com:5061#015#012]
>> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: cseq : <10>
>> 
>> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: content_length=28
>> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: found end of
>> header
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
>> flags=
>> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags=78
>> Sep 26 07:21:13 opensips[3477]: DBG:proto_tls:proto_tls_send: no open tcp
>> connection found, opening new one, async = 0
>> Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: getsockopt:
>> snd is initially 16384
>> Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: using snd
>> buffer of 416 kb
>> Sep 26 07:21:13 opensips[3477]: DBG:core:init_sock_keepalive: TCP
>> keepalive enabled on socket 103
>> Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_connect_blocking_timeout:
>> connect timed out, 179 us elapsed out of 100 us
>> Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_sync_connect_fd:
>> tcp_blocking_connect failed
>> Sep 26 07:21:14 opensips[3477]: ERROR:proto_tls:proto_tls_send: connect
>> failed
>> Sep 26 07:21:14 opensips[3477]: ERRO

Re: [OpenSIPS-Users] Opensips 3.2.8 does not send message with opensips-cli command

2022-09-27 Thread jacky z
Who can help on this? It is difficult to understand why the live tcp
connection can't be found with opensips 3.2. It works well with opensips
3.1. Thanks!

On Mon, Sep 26, 2022 at 3:54 PM jacky z  wrote:

> Hi Team,
>
> We use MI command to send messages to a user successfully with opensips
> 3.1, but after we upgraded to 3.2.8, the message can't be sent with
> opensips-cli command.
>
> We compared the logs and found that when the command was run on 3.2.8, the
> tcp connection couldn't be found though we can confirm there was a tcp
> connection. Another strange behavior is that it did not lookup the location
> table for the ruri and it seems the message route was not called. On 3.2.8,
> if we specify the ruri in the command with the actual ip address and port
> we manually found in the location table, the message can be sent. We also
> found the msilo module can't send messages on 3.2.8 but it works well on
> 3.1.
>
> Here is the command we used:
>
> opensips-cli -x mi t_uac_dlg method=MESSAGE
> ruri="sip:12...@sip.domain.com:5061;transport=TLS" headers="From:
> sip:6...@sip.domain.com:5061;transport=tls\r\nTo:
> sip:12...@sip.domain.com:5061;transport=TLS\r\nContact:
> sip:6...@sip.domain.com:5061;transport=tls\r\nContent-Type:
> text/plain\r\n" body="this is a message"
>
> Here are the logs on 3.1 and 3.2.8 respectively,
>
> Logs for OPENSIPS 3.2
>
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: SIP Request:
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  method:  
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  uri:
>  
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  version: 
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
> flags=
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via_param: found param type
> 232,  = ; state=16
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via: end of header reached,
> state=5
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: via found,
> flags=
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: this is the first
> via
> Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: end of header reached,
> state=9
> Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: display={}, ruri={
> sip:6989229...@sip.domain.com:5061}
> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field:  [37]; uri=[
> sip:6989229...@sip.domain.com:5061]
> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: to body [
> sip:6989229...@sip.domain.com:5061#015#012]
> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: cseq : <10>
> 
> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: content_length=28
> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: found end of header
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
> flags=
> Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags=78
> Sep 26 07:21:13 opensips[3477]: DBG:proto_tls:proto_tls_send: no open tcp
> connection found, opening new one, async = 0
> Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: getsockopt:
> snd is initially 16384
> Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: using snd
> buffer of 416 kb
> Sep 26 07:21:13 opensips[3477]: DBG:core:init_sock_keepalive: TCP
> keepalive enabled on socket 103
> Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_connect_blocking_timeout:
> connect timed out, 179 us elapsed out of 100 us
> Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_sync_connect_fd:
> tcp_blocking_connect failed
> Sep 26 07:21:14 opensips[3477]: ERROR:proto_tls:proto_tls_send: connect
> failed
> Sep 26 07:21:14 opensips[3477]: ERROR:tm:msg_send: send() to
> 12.34.56.78:5061 for proto tls/3 failed
> Sep 26 07:21:14 opensips[3477]: ERROR:tm:t_uac: attempt to send to
> 'sip:6989229...@sip.domain.com:5061;transport=TLS' failed
>
> Logs for OPENSIPS 3.1
>
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_msg: SIP Request:
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_msg:  method:  
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_msg:  uri:  ;transport=TLS>
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_msg:  version: 
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_headers: flags=
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_via_param: found param type 232,  =
> ; state=16
> Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
> DBG:core:parse_via: end of header reache

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-26 Thread jacky z
Hi Ovidiu,

I solved this problem by hardcoding the cert address in the my_con.c
address. Guess the cert setup in the config file can't be loaded correctly
when my_con.c calls it.

On Tue, Sep 27, 2022 at 7:34 AM Ovidiu Sas  wrote:

> I encountered a crash related to TLS connections and I was wondering
> if it's a similar issue.
> It seems not, the crash that I encountered happens only on 3.3.
>
> If you installed opensips from a package, you need to install
> opensips-dbg package to get the debug symbols.
> After that, you can locate the core file on your server and inspect it
> with gdb.
> Everything should be detailed here:
> https://www.opensips.org/Documentation/TroubleShooting-Crash
>
> -ovidiu
>
> On Mon, Sep 26, 2022 at 2:54 AM jacky z  wrote:
> >
> > Hi Ovidiu,
> >
> > The version I am using is 3.2. I am not familiar with the debug symbols,
> but guess this can be reproduced easily. With ?tls_domain=dom1 attached
> after the mysql address, it happens. Can you simply check if it is the same
> behavior? If not, I will dig further by learning how to use the debug
> symbols. Thanks!
> >
> > On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas 
> wrote:
> >>
> >> Which version of opensips are you using?
> >> Can you install the debug symbols and get a backtrace from the core
> file?
> >> https://www.opensips.org/Documentation/TroubleShooting-Crash
> >>
> >> Regards,
> >> Ovidiu Sas
> >>
> >> On Sun, Sep 25, 2022 at 6:32 AM jacky z  wrote:
> >> >
> >> > Hi Vlad,
> >> >
> >> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls
> connection to mysql db.  I followed the method in the manual.
> >> >
> >> > modparam("usrloc", "db_url", "mysql://root:1234@localhost/opensips?tls_domain=dom1")
> >> >
> >> >
> >> > Here is the log.
> >> >
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:mod_init: initializing TLS management
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default
> '/etc/pki/CA/'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT
> activated. Weaker security.
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using
> default '/etc/pki/CA/'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT
> activated. Weaker security.
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_tls:mod_init: initializing TLS protocol
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_bin:mod_init: initializing BIN protocol
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:clusterer:mod_init: Clusterer module - initializing
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> CRITICAL:core:sig_usr: segfault in attendant (starter) process!
> >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243]
> opensips[4935]: segfault at 0 ip  sp 7ffececa3d08 error
> 14 in opensips[558b5bb75000+1c000]
> >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP
> value.
> >> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize:
> pre-daemon process exiting with -1
> >> >
> >> > and my client domain settings
> >> >
> >> > #client domain
> >> > modparam("tls_mgm", "client_domain", "dom1")
> >> 

[OpenSIPS-Users] OPENSIPS 3.2.8 msilo can't send offline message on Register

2022-09-26 Thread jacky z
Hi Team,

We are testing Opensips 3.2.8 and found it can't send stored offline
messages on register. Compared with 3.1, it doesn't look for the tcp con.
Here are the comparisons between the logs of these two versions:

In 3.1, the existing con was looked up and found, and then the message was
sent. Please refer to the text in red.

Sep 26 08:09:56 opensips[11566]: DBG:tm:print_request_uri:
sip:3293543...@sip.domain.com:5061
Sep 26 08:09:56 opensips[11566]: DBG:tm:run_local_route: building sip_msg
from buffer
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg: SIP Request:
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg:  method:  
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg:  uri: <
sip:3293543...@sip.domain.com:5061>
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg:  version: 
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers:
flags=
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_via_param: found param type
232,  = ; state=16
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_via: end of header reached,
state=5
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: via found,
flags=
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: this is the first
via
Sep 26 08:09:56 opensips[11566]: DBG:core:_parse_to: end of header reached,
state=9
Sep 26 08:09:56 opensips[11566]: DBG:core:_parse_to: display={}, ruri={
sip:3293543...@sip.domain.com:5061}
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field:  [38]; uri=[
sip:3293543...@sip.domain.com:5061]
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: to body [
sip:3293543...@sip.domain.com:5061#015#012]
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: cseq : <10>

Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: content_length=28
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: found end of header
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers:
flags=
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: flags=78
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: con found in state
0*
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: tcp connection
found (0x7fd4544f8130), acquiring fd*
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: c= 0x7fd4544f8130,
n=16, Usock=89*
Sep 26 08:09:56 opensips[11571]: DBG:core:handle_worker: read response=
7fd4544f8130, 1, fd -1 from 9 (11566)
Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: after receive_fd:
c= 0x7fd4544f8130 n=8 fd=118
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:proto_tls_send: sending via
fd 118...
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_update_fd: New fd is 118
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_write: write was
successful (555 bytes)


In 3.2.8, it seems the tcp connection was not looked for or found. There is
no tcp_conn_get as shown in the logs of 3.1, but it reaches the conclusion
that no tcp connection was found. It seems something is missing.

Sep 26 08:18:33 opensips[3481]: DBG:tm:run_local_route: building sip_msg
from buffer
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg: SIP Request:
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg:  method:  
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg:  uri: <
sip:6989229...@sip.domain.com>
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg:  version: 
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers:
flags=
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_via_param: found param type
232,  = ; state=16
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_via: end of header reached,
state=5
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: via found,
flags=
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: this is the first
via
Sep 26 08:18:33 opensips[3481]: DBG:core:_parse_to: end of header reached,
state=9
Sep 26 08:18:33 opensips[3481]: DBG:core:_parse_to: display={}, ruri={
sip:6989229...@sip.domain.com}
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field:  [32]; uri=[
sip:6989229...@sip.domain.com]
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: to body [
sip:6989229...@sip.domain.com#015#012]
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: cseq : <10>

Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: content_length=36
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: found end of header
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers:
flags=
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: flags=78
*Sep 26 08:18:33 opensips[3481]: DBG:proto_tls:proto_tls_send: no open tcp
connection found, opening new one, async = 0*

Thank you!
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
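
The comparison made in the post above (a `tcp_conn_get` hit followed by `tls_write` on 3.1, versus `proto_tls_send: no open tcp connection found` on 3.2.8) can be scripted so that every outbound TLS send in a debug log is classified per worker process. This is an added example, not part of the original post or of OpenSIPS; the sample log is constructed from the line formats quoted in the thread, and the names `unwrap`, `analyze` and `SendAttempt` are hypothetical.

```python
import re
from dataclasses import dataclass

# A record starts with a syslog timestamp; anything else is a mail-wrapped continuation.
TS_RE = re.compile(r"^\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
# Handles both prefixes quoted in the thread:
#   "Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: ..."
#   "Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s+(?:\S+\s+)?(?:\S*/)?opensips\[(?P<pid>\d+)\]:\s+"
    r"(?P<level>[A-Z]+):(?P<module>\w+):(?P<func>\w+):\s*(?P<msg>.*)$"
)

@dataclass
class SendAttempt:
    pid: int
    started: str
    lookup: str               # "reused" or "new-connection"
    outcome: str = "unknown"  # "sent", "failed" or "unknown" (capture ended early)
    detail: str = ""

def unwrap(text):
    """Undo e-mail damage: '>' quoting, '*' emphasis markers, hard line wraps."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw.strip()).strip("*").strip()
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def analyze(text):
    """Return one SendAttempt per outbound TLS send, tracked per worker pid."""
    open_by_pid, done = {}, []
    for rec in unwrap(text):
        m = LINE_RE.match(rec)
        if not m:
            continue  # kernel lines, lines without a pid, free text
        pid, key, msg = int(m["pid"]), (m["module"], m["func"]), m["msg"]
        cur = open_by_pid.get(pid)
        if key == ("core", "tcp_conn_get") and "found" in msg:
            if cur is None:  # the lookup hit an existing connection
                open_by_pid[pid] = SendAttempt(pid, m["ts"], "reused")
        elif key == ("proto_tls", "proto_tls_send") and msg.startswith(
                "no open tcp connection found"):
            if cur is not None:  # previous attempt never reported an outcome
                done.append(open_by_pid.pop(pid))
            open_by_pid[pid] = SendAttempt(pid, m["ts"], "new-connection")
        elif cur is None:
            continue
        elif key == ("core", "tcp_connect_blocking_timeout"):
            cur.detail = msg
        elif key == ("proto_tls", "tls_write") and "successful" in msg:
            cur.outcome = "sent"
            done.append(open_by_pid.pop(pid))
        elif key == ("tm", "msg_send") and m["level"] == "ERROR":
            cur.outcome = "failed"
            cur.detail = cur.detail or msg
            done.append(open_by_pid.pop(pid))
    done.extend(open_by_pid.values())  # attempts cut off by the end of the capture
    return done

# Constructed sample: same line formats as the thread, wrapped and marked up the
# way the mail client left them; the address and connection pointer are made up.
SAMPLE_LOG = """\
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: con found in state
0*
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: tcp connection
found (0x7f0000000001), acquiring fd*
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:proto_tls_send: sending via
fd 118...
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_write: write was
successful (555 bytes)
> Sep 26 07:21:13 opensips[3477]: DBG:proto_tls:proto_tls_send: no open tcp
> connection found, opening new one, async = 0
> Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_connect_blocking_timeout:
> connect timed out, 179 us elapsed out of 100 us
> Sep 26 07:21:14 opensips[3477]: ERROR:tm:msg_send: send() to
> 192.0.2.10:5061 for proto tls/3 failed
Sep 26 08:18:33 ip-10-0-0-1 /usr/sbin/opensips[3481]:
DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one,
async = 0
"""

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a.started} pid={a.pid} lookup={a.lookup} outcome={a.outcome} {a.detail}")
```

Attempts reported as `new-connection` are the ones to compare against the location table, since they show the send path did not pick up the registered connection.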


[OpenSIPS-Users] Opensips 3.2.8 does not send message with opensips-cli command

2022-09-26 Thread jacky z
Hi Team,

We use MI command to send messages to a user successfully with opensips
3.1, but after we upgraded to 3.2.8, the message can't be sent with
opensips-cli command.

We compared the logs and found that when the command was run on 3.2.8, the
tcp connection couldn't be found though we can confirm there was a tcp
connection. Another strange behavior is that it did not lookup the location
table for the ruri and it seems the message route was not called. On 3.2.8,
if we specify the ruri in the command with the actual ip address and port
we manually found in the location table, the message can be sent. We also
found the msilo module can't send messages on 3.2.8 but it works well on
3.1.

Here is the command we used:

opensips-cli -x mi t_uac_dlg method=MESSAGE
ruri="sip:12...@sip.domain.com:5061;transport=TLS" headers="From:
sip:6...@sip.domain.com:5061;transport=tls\r\nTo:
sip:12...@sip.domain.com:5061;transport=TLS\r\nContact:
sip:6...@sip.domain.com:5061;transport=tls\r\nContent-Type: text/plain\r\n"
body="this is a message"

Here are the logs on 3.1 and 3.2.8 respectively,

Logs for OPENSIPS 3.2

Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: SIP Request:
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  method:  
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  uri:
 
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  version: 
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
flags=
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via_param: found param type
232,  = ; state=16
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via: end of header reached,
state=5
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: via found,
flags=
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: this is the first
via
Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: end of header reached,
state=9
Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: display={}, ruri={
sip:6989229...@sip.domain.com:5061}
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field:  [37]; uri=[
sip:6989229...@sip.domain.com:5061]
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: to body [
sip:6989229...@sip.domain.com:5061#015#012]
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: cseq : <10>

Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: content_length=28
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: found end of header
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
flags=
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags=78
Sep 26 07:21:13 opensips[3477]: DBG:proto_tls:proto_tls_send: no open tcp
connection found, opening new one, async = 0
Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: getsockopt:
snd is initially 16384
Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: using snd
buffer of 416 kb
Sep 26 07:21:13 opensips[3477]: DBG:core:init_sock_keepalive: TCP keepalive
enabled on socket 103
Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_connect_blocking_timeout:
connect timed out, 179 us elapsed out of 100 us
Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_sync_connect_fd:
tcp_blocking_connect failed
Sep 26 07:21:14 opensips[3477]: ERROR:proto_tls:proto_tls_send: connect
failed
Sep 26 07:21:14 opensips[3477]: ERROR:tm:msg_send: send() to
12.34.56.78:5061 for proto tls/3 failed
Sep 26 07:21:14 opensips[3477]: ERROR:tm:t_uac: attempt to send to
'sip:6989229...@sip.domain.com:5061;transport=TLS' failed

Logs for OPENSIPS 3.1

Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg: SIP Request:
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg:  method:  
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg:  uri: 
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg:  version: 
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_headers: flags=
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_via_param: found param type 232,  =
; state=16
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_via: end of header reached, state=5
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_headers: via found, flags=
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_headers: this is the first via
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:_parse_to: end of header reached, state=9
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:_parse_to: display={}, ruri={sip:3293543...@sip.domain.com:5061}
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:get_hdr_field:  [38]; uri=[sip:3293543...@sip.domain.com:5061]
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:get_hdr_field: to body [sip:3293543...@sip.domain.com:5061#015#012]
Sep 26 07:32:00 ip-172-31-14-229 

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-26 Thread jacky z
Hi Ovidiu,

The version I am using is 3.2. I am not familiar with the debug symbols,
but guess this can be reproduced easily. With ?tls_domain=dom1 attached
after the mysql address, it happens. Can you simply check if it is the same
behavior? If not, I will dig further by learning how to use the debug
symbols. Thanks!

On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas  wrote:

> Which version of opensips are you using?
> Can you install the debug symbols and get a backtrace from the core file?
> https://www.opensips.org/Documentation/TroubleShooting-Crash
>
> Regards,
> Ovidiu Sas
>
> On Sun, Sep 25, 2022 at 6:32 AM jacky z  wrote:
> >
> > Hi Vlad,
> >
> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls
> connection to mysql db.  I followed the method in the manual.
> >
> > modparam("usrloc", "db_url", "mysql://root:1234@localhost/opensips?tls_domain=dom1")
> >
> >
> > Here is the log.
> >
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:mod_init: initializing TLS management
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default
> '/etc/pki/CA/'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT
> activated. Weaker security.
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using
> default '/etc/pki/CA/'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT
> activated. Weaker security.
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_tls:mod_init: initializing TLS protocol
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_bin:mod_init: initializing BIN protocol
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:clusterer:mod_init: Clusterer module - initializing
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> CRITICAL:core:sig_usr: segfault in attendant (starter) process!
> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] opensips[4935]:
> segfault at 0 ip  sp 7ffececa3d08 error 14 in
> opensips[558b5bb75000+1c000]
> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP
> value.
> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize:
> pre-daemon process exiting with -1
> >
> > and my client domain settings
> >
> > #client domain
> > modparam("tls_mgm", "client_domain", "dom1")
> > modparam("tls_mgm", "match_ip_address", "[dom1]*")
> > modparam("tls_mgm", "match_sip_domain", "[dom1]*")
> > modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
> > modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
> > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
> > modparam("tls_mgm","tls_method", "[dom1]SSLv23")
> > modparam("tls_mgm","verify_cert", "[dom1]0")
> > modparam("tls_mgm","require_cert", "[dom1]0")
> >
> > It is expected to see some other errors such as invalid cert but not
> crash in pre-daemon process. Any clue on this for me to debug? If I remove
> "?tls_domain=dom1", there is no such crash though the opensips server still
> couldn't start because I forced the mysql db to use ssl connection. Thanks!
> >
> > On Mon, Sep 19, 2022 at 9:09 PM Vlad Patrascu 
> wrote:
> >>
> >> Hi Jacky,
> >>
> >> I can't think of any workar

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-25 Thread jacky z
Hi Vlad,

It seems opensips crashed when I set ?tls_domain=dom1 to enable tls
connection to mysql db.  I followed the method in the manual.

modparam("usrloc", "db_url",
"mysql://root:1234@localhost/opensips?tls_domain=dom1")


Here is the log.

Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:tls_mgm:mod_init: initializing TLS management
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom'
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default
'/etc/pki/CA/'
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT
activated. Weaker security.
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using
default '/etc/pki/CA/'
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT
activated. Weaker security.
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:proto_tls:mod_init: initializing TLS protocol
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:proto_bin:mod_init: initializing BIN protocol
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
INFO:clusterer:mod_init: Clusterer module - initializing
Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
CRITICAL:core:sig_usr: segfault in attendant (starter) process!
Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] opensips[4935]:
segfault at 0 ip  sp 7ffececa3d08 error 14 in
opensips[558b5bb75000+1c000]
Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP value.
Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize: pre-daemon
process exiting with -1

and my client domain settings

#client domain
modparam("tls_mgm", "client_domain", "dom1")
modparam("tls_mgm", "match_ip_address", "[dom1]*")
modparam("tls_mgm", "match_sip_domain", "[dom1]*")
modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","tls_method", "[dom1]SSLv23")
modparam("tls_mgm","verify_cert", "[dom1]0")
modparam("tls_mgm","require_cert", "[dom1]0")

It is expected to see some other errors such as invalid cert but not crash
in pre-daemon process. Any clue on this for me to debug? If I remove
"?tls_domain=dom1",
there is no such crash though the opensips server still couldn't start
because I forced the mysql db to use ssl connection. Thanks!

On Mon, Sep 19, 2022 at 9:09 PM Vlad Patrascu  wrote:

> Hi Jacky,
>
> I can't think of any workaround unfortunately.
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developer
> http://www.opensips-solutions.com
>
> On 17.09.2022 18:46, jacky z wrote:
>
> Hi  Vlad,
>
> Is there any workaround to disable the client cert? Thanks!
>
> On Wed, Sep 14, 2022 at 9:16 PM Vlad Patrascu  wrote:
>
>> Hi Jacky,
>>
>> OpenSIPS will always require you to configure a client certificate for
>> TLS client domains and will also present that certificate when connecting.
>> But normally, a TLS server can simply choose not to verify the client
>> certificate. I don't have any experience with AWS RDS though but it seems
>> odd to not accept a connection only because the client did present a
>> certificate.
>>
>> Regards,
>>
>> --
>> Vlad Patrascu
>> OpenSIPS Core Developer
>> http://www.opensips-solutions.com
>>
>> On 14.09.2022 05:42, jacky z wrote:
>>
>> Hi Bogdan-Andrei,
>>
>> I checked the mariadb documentation and found mariadb has two options to
>> set ssl connection: two-way TLS and one-way TLS. It seems AWS RDS only
>> supports one-way TLS, that is, TLS is used without a client cert. Does
>> OPEN

[OpenSIPS-Users] Build a cluster with "sql-only"

2022-09-19 Thread jacky z
Hi Team,

I am trying to build a cluster with two opensips instances. The two
opensips instances run on two servers, but they share the same database.
With such a configuration, can I use the sql-only cluster_mode?

In the scripts, I added some extra configurations compared with single
instance,

socket=bin:1.2.3.4:

 Binary Interface protocol module
loadmodule "proto_bin.so"
modparam("proto_bin", "bin_port", )

 OpenSIPS cluster module
loadmodule "clusterer.so"
modparam("clusterer", "my_node_id", 1)
modparam("clusterer", "my_node_info", "cluster_id=1, url=bin:1.2.3.4:")

modparam("clusterer", "db_url", "database_url")

modparam("usrloc", "cluster_mode", "sql-only")


I also add the two instances to the clusterer table. However, I couldn't
make it work. Do I need to add additional routing scripts? Since these two
instances share the same database, I guess the proto-bin would coordinate
the two instances automatically.

Thanks

Jacky
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-17 Thread jacky z
Hi Vlad,

Is there any workaround to disable the client cert? Thanks!

On Wed, Sep 14, 2022 at 9:16 PM Vlad Patrascu  wrote:

> Hi Jacky,
>
> OpenSIPS will always require you to configure a client certificate for TLS
> client domains and will also present that certificate when connecting. But
> normally, a TLS server can simply choose not to verify the client
> certificate. I don't have any experience with AWS RDS though but it seems
> odd to not accept a connection only because the client did present a
> certificate.
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developer http://www.opensips-solutions.com
>
> On 14.09.2022 05:42, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> I checked the mariadb documentation and found mariadb has two options to
> set ssl connection: two-way TLS and one-way TLS. It seems AWS RDS only
> supports one-way TLS, that is, TLS is used without a client cert. Does
> OPENSIPS support such one-way TLS to connect a database? Thanks!
>
> On Wed, Sep 14, 2022 at 12:06 AM jacky z  wrote:
>
>> Hi Bogdan-Andrei,
>>
>> I have set the "certificate" and "private_key" in my script, as I
>> explained in method 1. However, AWS RDS doesn't support a client cert.
>> Please refer to
>>
>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>
>> Is there any workaround to use the public cert list provided by AWS?
>> Anyone has successfully used RDS with SSL connections? Thanks!
>>
>> On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Set the certificate and key you have in the tls_mgm module, for the
>>> "certificate" and "private_key" parameters.
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/13/22 2:57 PM, jacky z wrote:
>>>
>>> Hi Bogdan-Andrei,
>>>
>>> I tried two methods.
>>>
>>> Method 1:
>>>
>>> #enabled TLS connection:
>>> modparam("db_mysql", "use_tls", 1)
>>>
>>> #setup a client domain:
>>> modparam("tls_mgm", "client_domain", "dom1")
>>> modparam("tls_mgm", "match_ip_address", "[dom1]*")
>>> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
>>> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
>>> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
>>> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
>>> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
>>> modparam("tls_mgm","verify_cert", "[dom1]0")
>>> modparam("tls_mgm","require_cert", "[dom1]0")
>>> # set db_url
>>> modparam("usrloc", "db_url", "mysql://root:1234@
>>> /opensips?tls_domain=dom1")
>>> ...
>>>
>>> I couldn't figure out how to use global-bundle.pem AWS provided with
>>> this method. No luck to get a connection with RDS. If I don't use ssl,
>>> opensips can connect to RDS without encryption.
>>>
>>> Method 2:
>>>
>>> I tried
>>>
>>> modparam("usrloc", "db_url", "mysql://root:1234@
>>> /opensips?ssl=true&
>>> ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>>>
>>> to include the AWS cert. Still no luck.
>>>
>>> Thanks!
>>>
>>> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> sorry for my silly question, but how do you connect from the OpenSIPS
>>>> side ??
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>>
>>>> OpenSIPS Founder and Developer
>>>>   https://www.opensips-solutions.com
>>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>>
>>>> On 9/13/22 10:41 AM, jacky z wrote:
>>>>
>>>> Hi Team,
>>>>
>>>>

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread jacky z
Correction on my comments. It is a client side issue. Thank you!

On Thu, Sep 15, 2022 at 3:40 PM jacky z  wrote:

> After checking the log in the client side, here are some interesting
> findings:
>
> Here is what the client side received:
>
> WWW-Authenticate: Digest realm="sip.domain.com",
> nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA", qop="auth,auth-int",
> algorithm=SHA-256
>
> Then the client side logs show:
>
> 15:25:51.858   ...Unsupported digest algorithm "SHA-256"
> 15:25:51.859  SIP registration error: Invalid/unsupported digest
> algorithm
>
> Firstly, if the server side did not include SHA-256 in the SIP message,
> there would be no such issue. I don't understand why it needs to inform the
> client side "SHA-256". Secondly, if the client side just simply ignored
> "SHA-256", there would be no such issue. However, the client side treated
> it as not supported.
>
> On Thu, Sep 15, 2022 at 3:16 PM jacky z  wrote:
>
>> Hi Bogdan-Andrei,
>>
>> I tried either specifying it or not. Neither worked. Here is the script
>> when I tried:
>>
>> www_challenge("","auth,auth-int","SHA-256");
>>
>> I also tried specifying the realm in the above code. When the above is
>> used, there is no such error, but always returns 401. I checked the column
>> ha1_sha256 and the hash of the password is correct.
>>
>> Thanks!
>>
>> On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi,
>>>
>>> In your opensips.cfg, when doing auth challenge to the end points, do
>>> you specify the SHA256 alg?
>>>
>>> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/15/22 7:18 AM, jacky z wrote:
>>>
>>> Hi Team,
>>>
>>> Does ha1_sha256 work in general opensips config settings? I have the
>>> following in the scripts:
>>>
>>> modparam("auth_db", "calculate_ha1", 0)
>>>
>>> modparam("auth_db", "password_column", "ha1_sha256")
>>>
>>>
>>> but got the following error in the log:
>>>
>>>
>>> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
>>> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided
>>>
>>>
>>> It seems though the sha256 was specified, but the server still
>>> calculated MD5 and compared with the database column ha1_sha256.
>>>
>>> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
>>> wrote:
>>>
>>>> Hi Bela,
>>>>
>>>> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
>>>> request here https://github.com/OpenSIPS/opensips-cp/issues
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>>
>>>> OpenSIPS Founder and Developer
>>>>   https://www.opensips-solutions.com
>>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>>
>>>> On 6/29/22 9:10 AM, Bela H wrote:
>>>>
>>>> Hi all,
>>>>
>>>>
>>>>
>>>> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
>>>> password mode ha1_sha256?
>>>>
>>>> The ha1 (MD5(username:realm:password)) works fine but I had no luck
>>>> with the value generation for the ha1_sha256 field in “subscriber” table.
>>>>
>>>>
>>>>
>>>> I have this setting:
>>>>
>>>> modparam("auth_db", "calculate_ha1", 0)
>>>>
>>>> modparam("auth_db", "password_column", "ha1_sha256")
>>>>
>>>>
>>>>
>>>> Thanks!
>>>>
>>>> Bela
>>>>
>>>>
>>>>
>>>>
>>>


Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread jacky z
After checking the log in the client side, here are some interesting
findings:

Here is what the client side received:

WWW-Authenticate: Digest realm="sip.domain.com",
nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA", qop="auth,auth-int",
algorithm=SHA-256

Then the client side logs show:

15:25:51.858   ...Unsupported digest algorithm "SHA-256"
15:25:51.859  SIP registration error: Invalid/unsupported digest
algorithm

Firstly, if the server side did not include SHA-256 in the SIP message,
there would be no such issue. I don't understand why it needs to inform the
client side "SHA-256". Secondly, if the client side just simply ignored
"SHA-256", there would be no such issue. However, the client side treated
it as not supported.

On Thu, Sep 15, 2022 at 3:16 PM jacky z  wrote:

> Hi Bogdan-Andrei,
>
> I tried either specifying it or not. Neither worked. Here is the script
> when I tried:
>
> www_challenge("","auth,auth-int","SHA-256");
>
> I also tried specifying the realm in the above code. When the above is
> used, there is no such error, but always returns 401. I checked the column
> ha1_sha256 and the hash of the password is correct.
>
> Thanks!
>
> On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi,
>>
>> In your opensips.cfg, when doing auth challenge to the end points, do you
>> specify the SHA256 alg?
>>
>> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/15/22 7:18 AM, jacky z wrote:
>>
>> Hi Team,
>>
>> Does ha1_sha256 work in general opensips config settings? I have the
>> following in the scripts:
>>
>> modparam("auth_db", "calculate_ha1", 0)
>>
>> modparam("auth_db", "password_column", "ha1_sha256")
>>
>>
>> but got the following error in the log:
>>
>>
>> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
>> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided
>>
>>
>> It seems though the sha256 was specified, but the server still calculated
>> MD5 and compared with the database column ha1_sha256.
>>
>> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi Bela,
>>>
>>> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
>>> request here https://github.com/OpenSIPS/opensips-cp/issues
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 6/29/22 9:10 AM, Bela H wrote:
>>>
>>> Hi all,
>>>
>>>
>>>
>>> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
>>> password mode ha1_sha256?
>>>
>>> The ha1 (MD5(username:realm:password)) works fine but I had no luck
>>> with the value generation for the ha1_sha256 field in “subscriber” table.
>>>
>>>
>>>
>>> I have this setting:
>>>
>>> modparam("auth_db", "calculate_ha1", 0)
>>>
>>> modparam("auth_db", "password_column", "ha1_sha256")
>>>
>>>
>>>
>>> Thanks!
>>>
>>> Bela
>>>
>>>
>>>
>>>
>>


Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread jacky z
Hi Bogdan-Andrei,

I tried either specifying it or not. Neither worked. Here is the script
when I tried:

www_challenge("","auth,auth-int","SHA-256");

I also tried specifying the realm in the above code. When the above is
used, there is no such error, but always returns 401. I checked the column
ha1_sha256 and the hash of the password is correct.

Thanks!

On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu 
wrote:

> Hi,
>
> In your opensips.cfg, when doing auth challenge to the end points, do you
> specify the SHA256 alg?
>
> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/15/22 7:18 AM, jacky z wrote:
>
> Hi Team,
>
> Does ha1_sha256 work in general opensips config settings? I have the
> following in the scripts:
>
> modparam("auth_db", "calculate_ha1", 0)
>
> modparam("auth_db", "password_column", "ha1_sha256")
>
>
> but got the following error in the log:
>
>
> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided
>
>
> It seems though the sha256 was specified, but the server still calculated
> MD5 and compared with the database column ha1_sha256.
>
> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Bela,
>>
>> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
>> request here https://github.com/OpenSIPS/opensips-cp/issues
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 6/29/22 9:10 AM, Bela H wrote:
>>
>> Hi all,
>>
>>
>>
>> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
>> password mode ha1_sha256?
>>
>> The ha1 (MD5(username:realm:password)) works fine but I had no luck with
>> the value generation for the ha1_sha256 field in “subscriber” table.
>>
>>
>>
>> I have this setting:
>>
>> modparam("auth_db", "calculate_ha1", 0)
>>
>> modparam("auth_db", "password_column", "ha1_sha256")
>>
>>
>>
>> Thanks!
>>
>> Bela
>>
>>
>>
>>
>


Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-15 Thread jacky z
Hi Vlad,

In theory, the RDS server is expected to work like what you mentioned.
However, based on test, when the client cert and key is specified, the
connection can't be set.
For example, if we specify the following when we connect to the RDS server
in the command line in our testing
--ssl-cert=/etc/ssl/certs/rootCACert.pem
--ssl-key=/etc/ssl/private/rootCAKey.pem

RDS returns this error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading
authorization packet', system error: 11

On Wed, Sep 14, 2022 at 9:16 PM Vlad Patrascu  wrote:

> Hi Jacky,
>
> OpenSIPS will always require you to configure a client certificate for TLS
> client domains and will also present that certificate when connecting. But
> normally, a TLS server can simply choose not to verify the client
> certificate. I don't have any experience with AWS RDS though but it seems
> odd to not accept a connection only because the client did present a
> certificate.
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developer http://www.opensips-solutions.com
>
> On 14.09.2022 05:42, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> I checked the mariadb documentation and found mariadb has two options to
> set ssl connection: two-way TLS and one-way TLS. It seems AWS RDS only
> supports one-way TLS, that is, TLS is used without a client cert. Does
> OPENSIPS support such one-way TLS to connect a database? Thanks!
>
> On Wed, Sep 14, 2022 at 12:06 AM jacky z  wrote:
>
>> Hi Bogdan-Andrei,
>>
>> I have set the "certificate" and "private_key" in my script, as I
>> explained in method 1. However, AWS RDS doesn't support a client cert.
>> Please refer to
>>
>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>
>> Is there any workaround to use the public cert list provided by AWS?
>> Anyone has successfully used RDS with SSL connections? Thanks!
>>
>> On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Set the certificate and key you have in the tls_mgm module, for the
>>> "certificate" and "private_key" parameters.
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/13/22 2:57 PM, jacky z wrote:
>>>
>>> Hi Bogdan-Andrei,
>>>
>>> I tried two methods.
>>>
>>> Method 1:
>>>
>>> #enabled TLS connection:
>>> modparam("db_mysql", "use_tls", 1)
>>>
>>> #setup a client domain:
>>> modparam("tls_mgm", "client_domain", "dom1")
>>> modparam("tls_mgm", "match_ip_address", "[dom1]*")
>>> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
>>> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
>>> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
>>> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
>>> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
>>> modparam("tls_mgm","verify_cert", "[dom1]0")
>>> modparam("tls_mgm","require_cert", "[dom1]0")
>>> # set db_url
>>> modparam("usrloc", "db_url", "mysql://root:1234@
>>> /opensips?tls_domain=dom1")
>>> ...
>>>
>>> I couldn't figure out how to use global-bundle.pem AWS provided with
>>> this method. No luck to get a connection with RDS. If I don't use ssl,
>>> opensips can connect to RDS without encryption.
>>>
>>> Method 2:
>>>
>>> I tried
>>>
>>> modparam("usrloc", "db_url", "mysql://root:1234@
>>> /opensips?ssl=true&
>>> ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>>>
>>> to include the AWS cert. Still no luck.
>>>
>>> Thanks!
>>>
>>> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> sorry for my silly question, but how do you connect from the OpenSIPS
>>>> side ??
>>>>
>

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-14 Thread jacky z
Hi Team,

Does ha1_sha256 work in general opensips config settings? I have the
following in the scripts:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")


but got the following error in the log:


/usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided


It seems though the sha256 was specified, but the server still calculated
MD5 and compared with the database column ha1_sha256.

On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
wrote:

> Hi Bela,
>
> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
> request here https://github.com/OpenSIPS/opensips-cp/issues
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 6/29/22 9:10 AM, Bela H wrote:
>
> Hi all,
>
>
>
> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
> password mode ha1_sha256?
>
> The ha1 (MD5(username:realm:password)) works fine but I had no luck with
> the value generation for the ha1_sha256 field in “subscriber” table.
>
>
>
> I have this setting:
>
> modparam("auth_db", "calculate_ha1", 0)
>
> modparam("auth_db", "password_column", "ha1_sha256")
>
>
>
> Thanks!
>
> Bela
>
>
>
>
>
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
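
The 32-versus-64 length error and the SHA-256 challenge discussed in this thread both follow from how digest authentication derives HA1 per algorithm (RFC 7616). The Python below is an added illustration, not code from OpenSIPS or from any poster; the user name, password, request URI and cnonce are constructed sample values, and the error strings only imitate the log lines quoted in the thread.

```python
import hashlib
import re

# Digest algorithms from RFC 7616 (SIP use: RFC 8760) and their hash functions.
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def _h(algorithm, text):
    """Hex digest of text under the named digest algorithm."""
    return ALGORITHMS[algorithm](text.encode("utf-8")).hexdigest()


def compute_ha1(algorithm, username, realm, password):
    """HA1 = H(username:realm:password); this is what a pre-hashed column stores."""
    return _h(algorithm, f"{username}:{realm}:{password}")


def check_stored_ha1(algorithm, stored_ha1):
    """Raise if a pre-hashed credential cannot belong to this algorithm."""
    expected = ALGORITHMS[algorithm]().digest_size * 2  # 32 for MD5, 64 for SHA-256
    if len(stored_ha1) != expected:
        raise ValueError(
            f'HA1 length mismatch for "{algorithm}": '
            f"{expected} expected, {len(stored_ha1)} provided"
        )
    if not re.fullmatch(r"[0-9a-f]+", stored_ha1):
        raise ValueError("HA1 is not lowercase hex")
    return stored_ha1


def parse_challenge(header_value):
    """Split a 'Digest k=v, k="v"' challenge into a dict of parameters."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'([A-Za-z][\w-]*)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def digest_response(challenge, stored_ha1, method, uri, cnonce,
                    nc="00000001", supported=("MD5", "SHA-256")):
    """Compute the 'response' a client sends back for this challenge."""
    algorithm = challenge.get("algorithm", "MD5")  # MD5 is the default if absent
    if algorithm not in ALGORITHMS or algorithm not in supported:
        raise ValueError(f'Unsupported digest algorithm "{algorithm}"')
    check_stored_ha1(algorithm, stored_ha1)
    ha2 = _h(algorithm, f"{method}:{uri}")
    offered = [q.strip() for q in challenge.get("qop", "").split(",") if q.strip()]
    if not offered:  # legacy form without qop
        return _h(algorithm, f"{stored_ha1}:{challenge['nonce']}:{ha2}")
    if "auth" not in offered:
        raise ValueError("this sketch only implements qop=auth")
    return _h(algorithm, f"{stored_ha1}:{challenge['nonce']}:{nc}:{cnonce}:auth:{ha2}")


# The challenge quoted in this thread, joined onto one line.
THREAD_CHALLENGE = (
    'Digest realm="sip.domain.com", '
    'nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA", '
    'qop="auth,auth-int", algorithm=SHA-256'
)


def demo():
    """Run the thread's scenario with constructed credentials."""
    challenge = parse_challenge(THREAD_CHALLENGE)
    # Constructed sample credentials, not taken from the thread.
    ha1_sha256 = compute_ha1("SHA-256", "alice", challenge["realm"], "s3cret-example")
    results = {"ha1_len": len(ha1_sha256)}
    results["response"] = digest_response(
        challenge, ha1_sha256, "REGISTER", "sip:sip.domain.com", cnonce="0a4f113b")
    # The same stored value checked as if the algorithm were MD5.
    try:
        check_stored_ha1("MD5", ha1_sha256)
    except ValueError as exc:
        results["md5_check"] = str(exc)
    # A client that only implements MD5 facing the SHA-256 challenge.
    try:
        digest_response(challenge, ha1_sha256, "REGISTER", "sip:sip.domain.com",
                        cnonce="0a4f113b", supported=("MD5",))
    except ValueError as exc:
        results["md5_only_client"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A 64-character value can only be a SHA-256 HA1, so both the stored column and the algorithm named in the challenge have to agree before any response can verify.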


Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-13 Thread jacky z
Hi Bogdan-Andrei,

I checked the mariadb documentation and found mariadb has two options to
set ssl connection: two-way TLS and one-way TLS. It seems AWS RDS only
supports one-way TLS, that is, TLS is used without a client cert. Does
OPENSIPS support such one-way TLS to connect a database? Thanks!

On Wed, Sep 14, 2022 at 12:06 AM jacky z  wrote:

> Hi Bogdan-Andrei,
>
> I have set the "certificate" and "private_key" in my script, as I
> explained in method 1. However, AWS RDS doesn't support a client cert.
> Please refer to
>
> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>
> Is there any workaround to use the public cert list provided by AWS?
> Anyone has successfully used RDS with SSL connections? Thanks!
>
> On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Set the certificate and key you have in the tls_mgm module, for the
>> "certificate" and "private_key" parameters.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/13/22 2:57 PM, jacky z wrote:
>>
>> Hi Bogdan-Andrei,
>>
>> I tried two methods.
>>
>> Method 1:
>>
>> #enabled TLS connection:
>> modparam("db_mysql", "use_tls", 1)
>>
>> #setup a client domain:
>> modparam("tls_mgm", "client_domain", "dom1")
>> modparam("tls_mgm", "match_ip_address", "[dom1]*")
>> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
>> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
>> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
>> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
>> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
>> modparam("tls_mgm","verify_cert", "[dom1]0")
>> modparam("tls_mgm","require_cert", "[dom1]0")
>> # set db_url
>> modparam("usrloc", "db_url", "mysql://root:1234@
>> /opensips?tls_domain=dom1")
>> ...
>>
>> I couldn't figure out how to use global-bundle.pem AWS provided with this
>> method. No luck to get a connection with RDS. If I don't use ssl, opensips
>> can connect to RDS without encryption.
>>
>> Method 2:
>>
>> I tried
>>
>> modparam("usrloc", "db_url", "mysql://root:1234@
>> /opensips?ssl=true&
>> ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>>
>> to include the AWS cert. Still no luck.
>>
>> Thanks!
>>
>> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi,
>>>
>>> sorry for my silly question, but how do you connect from the OpenSIPS
>>> side ??
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/13/22 10:41 AM, jacky z wrote:
>>>
>>> Hi Team,
>>>
>>> We hope to connect to aws RDS database with ssl encryption. We have
>>> set up a client domain according to OPENSIPS documents. However, AWS RDS
>>> does not support client cert as someone has confirmed with AWS
>>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>>
>>> Is there any way to use the cert provided by AWS to connect? AWS
>>> provides a global-bundle.pem (
>>> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
>>> for such a connection, but we don't know how to include it in the config
>>> file.
>>>
>>> Thanks
>>>
>>> Jacky z
>>>


Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-13 Thread jacky z
Hi Bogdan-Andrei,

I have set the "certificate" and "private_key" in my script, as I explained
in method 1. However, AWS RDS doesn't support a client cert. Please refer to
https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws

Is there any workaround to use the public cert list provided by AWS? Anyone
has successfully used RDS with SSL connections? Thanks!

On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu 
wrote:

> Set the certificate and key you have in the tls_mgm module, for the
> "certificate" and "private_key" parameters.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/13/22 2:57 PM, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> I tried two methods.
>
> Method 1:
>
> #enabled TLS connection:
> modparam("db_mysql", "use_tls", 1)
>
> #setup a client domain:
> modparam("tls_mgm", "client_domain", "dom1")
> modparam("tls_mgm", "match_ip_address", "[dom1]*")
> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
> modparam("tls_mgm","verify_cert", "[dom1]0")
> modparam("tls_mgm","require_cert", "[dom1]0")
> # set db_url
> modparam("usrloc", "db_url", "mysql://root:1234@
> /opensips?tls_domain=dom1")
> ...
>
> I couldn't figure out how to use global-bundle.pem AWS provided with this
> method. No luck to get a connection with RDS. If I don't use ssl, opensips
> can connect to RDS without encryption.
>
> Method 2:
>
> I tried
>
> modparam("usrloc", "db_url", "mysql://root:1234@
> /opensips?ssl=true&
> ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>
> to include the AWS cert. Still no luck.
>
> Thanks!
>
> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi,
>>
>> sorry for my silly question, but how do you connect from the OpenSIPS
>> side ??
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/13/22 10:41 AM, jacky z wrote:
>>
>> Hi Team,
>>
>> We hope to connect to aws RDS database with ssl encryption. We have set up
>> a client domain according to OPENSIPS documents. However, AWS RDS does not
>> support client cert as someone has confirmed with AWS
>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>
>> Is there any way to use the cert provided by AWS to connect? AWS provides
>> a global-bundle.pem (
>> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
>> for such a connection, but we don't know how to include it in the config
>> file.
>>
>> Thanks
>>
>> Jacky z
>>


Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-13 Thread jacky z
Hi Bogdan-Andrei,

I tried two methods.

Method 1:

#enabled TLS connection:
modparam("db_mysql", "use_tls", 1)

#setup a client domain:
modparam("tls_mgm", "client_domain", "dom1")
modparam("tls_mgm", "match_ip_address", "[dom1]*")
modparam("tls_mgm", "match_sip_domain", "[dom1]*")
modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","tls_method", "[dom1]SSLv23")
modparam("tls_mgm","verify_cert", "[dom1]0")
modparam("tls_mgm","require_cert", "[dom1]0")
# set db_url
modparam("usrloc", "db_url", "mysql://root:1234@
/opensips?tls_domain=dom1")
...

I couldn't figure out how to use global-bundle.pem AWS provided with this
method. No luck to get a connection with RDS. If I don't use ssl, opensips
can connect to RDS without encryption.

Method 2:

I tried

modparam("usrloc", "db_url", "mysql://root:1234@
/opensips?ssl=true&
ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")

to include the AWS cert. Still no luck.

Thanks!

On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu 
wrote:

> Hi,
>
> sorry for my silly question, but how do you connect from the OpenSIPS side
> ??
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/13/22 10:41 AM, jacky z wrote:
>
> Hi Team,
>
> We hope to connect to aws RDS database with ssl encryption. We have set up
> a client domain according to OPENSIPS documents. However, AWS RDS does not
> support client cert as someone has confirmed with AWS
> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>
> Is there any way to use the cert provided by AWS to connect? AWS provides
> a global-bundle.pem (
> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
> for such a connection, but we don't know how to include it in the config
> file.
>
> Thanks
>
> Jacky z
>


[OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

2022-09-13 Thread jacky z
Hi Team,

We hope to connect to aws RDS database with ssl encryption. We have set up a
client domain according to OPENSIPS documents. However, AWS RDS does not
support client cert as someone has confirmed with AWS
https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws

Is there any way to use the cert provided by AWS to connect? AWS provides a
global-bundle.pem (
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
for such a connection, but we don't know how to include it in the config
file.

Thanks

Jacky z


[OpenSIPS-Users] send message via opensips-cli

2021-12-08 Thread jacky z
Hi Team,

We are trying to send messages with opensips-cli, but can't find too much
info on how to make it work. Here is what we tried but it did not work.

opensips-cli -x mi t_uac_dlg method=MESSAGE ruri="
sip:al...@sip.domain.com:5061" headers="From:
sip:b...@sip.domain.com:5061\r\nTo:
sip:al...@sip.domain.com:5061\r\nContact:
sip:b...@sip.domain.com:5061\r\nContent-Type:
text/plain\r\n" body="123456\r\n"

We are using OPENSIPS 3.1 and here is the error we get,

ERROR: command 't_uac_dlg' returned: 500: Server error occurred (1/MI/UAC)

Anything wrong with the above command line? Thanks!

Regards,
jacky


Re: [OpenSIPS-Users] MSILO can't send message

2021-10-21 Thread jacky z
Hi Bogdan_Andrei,

You are right. The actual content is not attached. Attached is the log.


Hi,
>
> So the actual content of the message is not attached to the MSG? Could you
> send me (maybe off list) the opensips logs (level 4) for a m_dump() ?
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 2021
>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>
> On 10/15/21 11:02 AM, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> Did you also notice the msilo module still can't send the dumped message,
> but sends "[Offline message - Thu Jan  1 00:00:00 1970" no matter what the
> message is? Or is it just the setting I used?
>
>
> :+1:
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 2021
>>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>>
>> On 10/14/21 5:03 AM, jacky z wrote:
>>
>> Hi Bogdan-Andrei,
>>
>> Finally made it send offline message by setting
>>
>> modparam("msilo", "outbound_proxy",
>> "sip:name.domain.com:5061;transport=tls")
>> modparam("tls_mgm", "match_sip_domain", "[dom]*")
>>
>> It seems the port number needs to be included and the match_sip_domain
>> needs to be *. If the domain name is included, the error happens. Hope this
>> info is helpful for others who may be interested.
>>
>> However, it still can't send the dumped message, but send "[Offline
>> message - Thu Jan  1 08:00:00 1970" no matter what the message is. It seems
>> the message was truncated. Based on the source code of the msilo module,
>> the message should be something like  "[Offline message - Thu Jan  1
>> 08:00:00 1970] message here".
>>
>> In the log, I can see the correct message was read out from the silo
>> table. Here is the log that shows the correct offline message that should
>> be sent:
>>
>> DBG:db_mysql:db_mysql_str2val: converting BLOB [{"type":"1","cont":"the
>> right message"}]
>>
>> Thanks!
>>
>>
>> Hi Jacky,
>>>
>>> The m_dump() sends the MESSAGE to the AOR of the user, so, ideally, you
>>> should take care of the "lookup(location)" in order to get it
>>> properly routed.
>>>
>>> For the TLS part, do you use it between the end-point and opensips? If
>>> so, I guess the MESSAGE sent by m_dump() and looping back to opensips (for
>>> doing the lookup(location)) is via UDP?
>>>
>>> I'm asking as from the TLS perspective the most important thing to know
>>> is where (in the routing logic) the TLS connection gets used/opened, as
>>> you need to be sure and correlate the destination IP (at the moment) with
>>> the IPs/mask you have in the TLS client domain.
>>>
>>> Best regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS eBootcamp 2021
>>>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>>>
>>> On 9/28/21 3:03 AM, jacky z wrote:
>>>
>>> Hi Team,
>>>
>>> I want to use MSILO to forward offline messages. I use TLS connections
>>> and have set up both server domain and client domains. If we don't
>>> use outbound_proxy, the logs show no error, but the message just was not
>>> sent. I searched online and it was said that the outbound proxy needs to be
>>> used. However, if we use outbound_proxy, there will be errors- no TLS
>>> client domain found. Actually, I have set up the client domain. It
>>> seems the MSILO module can't recognize the client domain. I have checked
>>> the messages were all in the database table silo. Have you ever encountered
>>> such issues? Any clue to debug? Thanks!
>>>
>>> Here are the scripts and logs
>>>
>>> When m_dump() is called in "REGISTER":
>>>
>>> if (m_dump()) {
>>> xlog("MSILO: offline messages dumped - if they were");
>>> }else{
>>> xlog("MSILO: no offline messages dumped");
>>> };
>>>
>>> It can dump the message from the database but can't send the message.
>>> Here is the log:
>>>
>>> Sep 18 17:29:55 s

Re: [OpenSIPS-Users] MSILO can't send message

2021-10-21 Thread jacky z
g 2 rows
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]: DBG:core:db_free_row:
freeing row values at 0x7f0fc5148620
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]: DBG:core:db_free_row:
freeing row values at 0x7f0fc51486e0
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]: DBG:core:db_free_rows:
freeing rows at 0x7f0fc5148600
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]:
DBG:core:db_free_result: freeing result set at 0x7f0fc515e718
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]: MSILO: offline
messages dumped - if they were
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]:
DBG:core:parse_headers: flags=
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]: DBG:core:parse_params:
Parsing params
for:[reg-id=1;+sip.instance=""]
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]:
DBG:core:parse_headers: flags=
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]:
DBG:core:parse_headers: flags=
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]:
DBG:core:parse_headers: flags=
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18616]:
INFO:avpops:ops_print_avp: --- All AVPs in this context 
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
ERROR:core:tcp_connect_blocking_timeout: poll error: flags 28 - 4 8 16 32
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
ERROR:core:tcp_connect_blocking_timeout: failed to retrieve SO_ERROR
[server=1.2.3.4:38351] (111) Connection refused
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
ERROR:proto_tls:tls_sync_connect: tcp_blocking_connect failed
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
ERROR:proto_tls:proto_tls_send: connect failed
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]: ERROR:tm:msg_send:
send() to 1.2.3.4:38351 for proto tls/3 failed
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
ERROR:tm:t_forward_nonack: sending request failed
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]: DBG:core:tcp_conn_get:
con found in state 0
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]: DBG:core:tcp_conn_get:
tcp connection found (0x7f0fc18f7040), acquiring fd
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]: DBG:core:tcp_conn_get:
c= 0x7f0fc18f7040, n=16, Usock=87
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18624]:
DBG:core:handle_worker: read response= 7f0fc18f7040, 1, fd -1 from 8 (18617)
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]: DBG:core:tcp_conn_get:
after receive_fd: c= 0x7f0fc18f7040 n=8 fd=119
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
DBG:proto_tls:proto_tls_send: sending via fd 119...
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
DBG:proto_tls:tls_update_fd: New fd is 119
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
DBG:proto_tls:tls_write: write was successful (768 bytes)
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
DBG:proto_tls:proto_tls_send: after write: c= 0x7f0fc18f7040 n=768 fd=119
Oct 18 17:25:19 sipserver /usr/sbin/opensips[18617]:
DBG:proto_tls:proto_tls_send: buf=#012MESSAGE
sip:1234@1.2.3.4:38250;transport=TLS;ob;push-type=apple;push-app=com.domain.anapp;push-tok=d26762bc904e92c7c7257b16d01c0306743842283890fbf3fc283f888a151dd1
SIP/2.0#015#012Via: SIP/2.0/TLS
5.6.7.8:5061;branch=z9hG4bKa4f6.a67d16b5.1;i=d08d52a7#015#012Via:
SIP/2.0/TLS 5.6.7.8:5061;branch=z9hG4bKa4f6.967d16b5.0#015#012To:
sip:1...@sip.domain.com#015#012From:
;tag=9afce3b8fbcf13cb78dc600ec9e7e602-19db#015#012CSeq:
10 MESSAGE#015#012Call-ID:
6143c1e65061294e-18616@172.29.118.78#015#012Max-Forwards:
69#015#012Content-Length: 51#015#012User-Agent: OpenSIPS (3.1.2
(x86_64/linux))#015#012Date: Thu, 14 Oct 2021 06:36:48
GMT#015#012Content-Type: text/plain#015#012Contact:
;msilo=yes#015#012#015#012[Offline
message - Thu Jan  1 08:00:00 1970#012

Hi,
>
> So the actual content of the message is not attached to the MSG? Could you
> send me (maybe off list) the opensips logs (level 4) for a m_dump() ?
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 2021
>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>
> On 10/15/21 11:02 AM, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> Did you also notice the msilo module still can't send the dumped message,
> but sends "[Offline message - Thu Jan  1 00:00:00 1970" no matter what the
> message is? Or is it just the setting I used?
>
>
> :+1:
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 2021
>>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>>
>> On 10/14/21 5:03 AM, jacky z wrote:
>>
>> Hi Bogdan-Andrei,
>>
>> Finally made it send offline message by setting
>>
>> modparam("msilo", "outboun

Re: [OpenSIPS-Users] We didn't manage to read a full request

2021-10-20 Thread jacky z
We found most of the time, it follows a global (per process) buff and is
followed by a per connection buff and then the message is read.

Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: *Using the global ( per process ) buff *
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_update_fd: New fd is 118
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tcp_handle_req: *We didn't manage to read a full request*
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: tls_read_req end
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: *Using the per connection buff*
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_update_fd: New fd is 118
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:_tls_read: *683 bytes read*

The one I mentioned in the previous email was not followed by a per
connection buff and it seems the connection was dead.

Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: *Using the global ( per process ) buff *
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_update_fd: New fd is 118
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tcp_handle_req: *We didn't manage to read a full request*
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: tls_read_req end
Oct 19 13:35:07 sipserver /usr/sbin/opensips[18622]: DBG:tm:timer_routine:
timer routine:2,tl=0x7f0fc18a3630 next=(nil), timeout=428446
Oct 19 13:35:07 sipserver /usr/sbin/opensips[18622]: DBG:tm:wait_handler:
removing 0x7f0fc18a35b0 from table
Oct 19 13:35:07 sipserver /usr/sbin/opensips[18622]: DBG:tm:delete_cell:
delete transaction 0x7f0fc18a35b0
Oct 19 13:35:07 sipserver /usr/sbin/opensips[18622]: DBG:tm:wait_handler:
done


jacky z  wrote:

> Thanks! We found an end point sent an INVITE, but the server did not
> receive. The time of this message in the opensips log matched the INVITE.
> Not sure whether the INVITE message failed to be read for whatever reason.
> Then we checked the server and found a lot of such messages. The server is
> still a test server and we don't expect there are a lot of random connection
> attempts.
>
> Giovanni Maruzzelli   wrote:
>
>> On Wed, Oct 20, 2021 at 11:00 AM jacky z  wrote:
>>
>>>
>>> Recently checked the log and found a lot of items.
>>>
>>> DBG:proto_tls:tcp_handle_req: We didn't manage to read a full request
>>>
>>> Does this mean that there is an incoming message but the server can't
>>> read it successfully? What can induce this problem? Thanks!
>>>
>>
>> These are probably connection attempts that happen to be on the tcp port
>> where opensips is listening.
>>
>> They are probably script kiddies sending http/https/ssh/whatever to
>> random ports
>>
>> -giovanni
>> --
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>>
>
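The two log patterns described in the message above (a partial read that is completed by a later read, and one that is never followed up) can be separated mechanically. The following Python script is an added example, not part of the original thread or of OpenSIPS; it assumes level-4 syslog output in the format quoted above, and the function names and the pairing rule (process ID plus the fd last announced by `tls_update_fd`) are assumptions made for illustration. The sample log is reassembled from the two excerpts in the message.

```python
import re

# Syslog prefix as quoted in the thread:
# "Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]: <message>"
PREFIX = re.compile(
    r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ \S+\[(\d+)\]:\s*(.*)$")
NEW_FD = re.compile(r"tls_update_fd: New fd is (\d+)")
BYTES_READ = re.compile(r"_tls_read: (\d+) bytes read")
PARTIAL = "We didn't manage to read a full request"

# Sample input reassembled from the two excerpts in the message above,
# including the mail client's line wrapping and its *bold* markers.
SAMPLE_LOG = """\
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: *Using the global ( per process ) buff *
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_update_fd: New fd is 118
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tcp_handle_req: *We didn't manage to read a full request*
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: tls_read_req end
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: *Using the per connection buff*
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_update_fd: New fd is 118
Oct 19 13:34:32 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:_tls_read: *683 bytes read*
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: *Using the global ( per process ) buff *
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_update_fd: New fd is 118
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tcp_handle_req: *We didn't manage to read a full request*
Oct 19 13:35:05 sipserver /usr/sbin/opensips[18615]:
DBG:proto_tls:tls_read_req: tls_read_req end
Oct 19 13:35:07 sipserver /usr/sbin/opensips[18622]: DBG:tm:timer_routine:
timer routine:2,tl=0x7f0fc18a3630 next=(nil), timeout=428446
"""


def unwrap(text):
    """Re-join log records that were wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PREFIX.match(line):
            records.append(line)          # start of a new syslog record
        elif records:
            records[-1] += " " + line     # continuation of the previous one
    return records


def find_stalled_reads(text):
    """Pair each partial read with a later successful read on the same
    (pid, fd); partial reads that never get one are reported as stalled."""
    current_fd = {}   # pid -> fd most recently announced by tls_update_fd
    pending = {}      # (pid, fd) -> timestamp of the first partial read
    completed = 0
    for record in unwrap(text):
        ts, pid, msg = PREFIX.match(record).groups()
        msg = msg.replace("*", "")        # drop mail bold markers
        fd = NEW_FD.search(msg)
        if fd:
            current_fd[pid] = fd.group(1)
            continue
        key = (pid, current_fd.get(pid))
        if PARTIAL in msg:
            pending.setdefault(key, ts)
            continue
        read = BYTES_READ.search(msg)
        if read and int(read.group(1)) > 0 and key in pending:
            del pending[key]
            completed += 1
    stalled = [(ts, pid, fd) for (pid, fd), ts in pending.items()]
    return {"completed": completed, "stalled": stalled}


if __name__ == "__main__":
    print(find_stalled_reads(SAMPLE_LOG))
```

A stalled entry only says that no further data was logged for that process and fd within the log window supplied; correlating its timestamp with the client side (here, the endpoint's INVITE) is still needed to tell a dead connection from a stray probe.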


Re: [OpenSIPS-Users] We didn't manage to read a full request

2021-10-20 Thread jacky z
Thanks! We found an end point sent an INVITE, but the server did not
receive. The time of this message in the opensips log matched the INVITE.
Not sure whether the INVITE message failed to be read for whatever reason.
Then we checked the server and found a lot of such messages. The server is
still a test server and we don't expect there are a lot of random connection
attempts.

Giovanni Maruzzelli   wrote:

> On Wed, Oct 20, 2021 at 11:00 AM jacky z  wrote:
>
>>
>> Recently checked the log and found a lot of items.
>>
>> DBG:proto_tls:tcp_handle_req: We didn't manage to read a full request
>>
>> Does this mean that there is an incoming message but the server can't
>> read it successfully? What can induce this problem? Thanks!
>>
>
> These are probably connection attempts that happen to be on the tcp port
> where opensips is listening.
>
> They are probably script kiddies sending http/https/ssh/whatever to random
> ports
>
> -giovanni
> --
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
>


Re: [OpenSIPS-Users] config 477 for offline message

2021-10-20 Thread jacky z
Hi Bogdan-Andrei,

Yes. 0x02 flag works. I knew this but struggled a lot to figure out where
to do the t_relay(0x02). It works now and no 477 sent. Thanks!

Regards,
Jacky


Hi,
>
> Using the 0x02 flag should do the trick . If you enable it, do you still
> see the TM sending the 477 reply automatically ?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 2021
>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>
> On 10/14/21 5:17 AM, jacky z wrote:
>
> Hi Team,
>
> I am working on msilo module for offline message processing. When a
> message receiver just closed the user agent but the server hasn't updated
> the "location", the server will try to send the message several times
> through TCP/TLS and failed with "477". How can we capture this "477" and
> m_store the offline message? It seems the sample scripts don't handle this
> scenario. I also tried the following scripts in the route[relay] and the
> scripts were not executed based on the log. Appreciate your help! Thanks!
>
> if (!t_relay(0x02)) {
>     # relay failed; with the 0x02 flag TM does not send the 477 itself
>     if (is_method("MESSAGE")) {
>         # keep the MESSAGE in the silo table for a later m_dump()
>         if (m_store("$ou")) {
>             log("MSILO: offline message stored\n");
>             send_reply(202, "Accepted");
>         } else {
>             log("MSILO: offline message NOT stored\n");
>             send_reply(503, "Service Unavailable");
>         }
>         exit;
>     }
> }
>


[OpenSIPS-Users] We didn't manage to read a full request

2021-10-20 Thread jacky z
Hi Team,

Recently checked the log and found a lot of items.

DBG:proto_tls:tcp_handle_req: We didn't manage to read a full request

Does this mean that there is an incoming message but the server can't read
it successfully? What can induce this problem? Thanks!

Regards,
Jacky


Re: [OpenSIPS-Users] MSILO can't send message

2021-10-15 Thread jacky z
Hi Bogdan-Andrei,

Did you also notice the msilo module still can't send the dumped message,
but sends "[Offline message - Thu Jan  1 00:00:00 1970" no matter what the
message is? Or is it just the setting I used?


:+1:
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 2021
>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>
> On 10/14/21 5:03 AM, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> Finally made it send offline message by setting
>
> modparam("msilo", "outbound_proxy",
> "sip:name.domain.com:5061;transport=tls")
> modparam("tls_mgm", "match_sip_domain", "[dom]*")
>
> It seems the port number needs to be included and the match_sip_domain
> needs to be *. If the domain name is included, the error happens. Hope this
> info is helpful for others who may be interested.
>
> However, it still can't send the dumped message, but send "[Offline
> message - Thu Jan  1 08:00:00 1970" no matter what the message is. It seems
> the message was truncated. Based on the source code of the msilo module,
> the message should be something like  "[Offline message - Thu Jan  1
> 08:00:00 1970] message here".
>
> In the log, I can see the correct message was read out from the silo
> table. Here is the log that shows the correct offline message that should
> be sent:
>
> DBG:db_mysql:db_mysql_str2val: converting BLOB [{"type":"1","cont":"the
> right message"}]
>
> Thanks!
>
>
> Hi Jacky,
>>
>> The m_dump() sends the MESSAGE to the AOR of the user, so, ideally, you
>> should take care of the "lookup(location)" in order to get it
>> properly routed.
>>
>> For the TLS part, do you use it between the end-point and opensips? If
>> so, I guess the MESSAGE sent by m_dump() and looping back to opensips (for
>> doing the lookup(location)) is via UDP?
>>
>> I'm asking as from the TLS perspective the most important thing to know
>> is where (in the routing logic) the TLS connection gets used/opened, as
>> you need to be sure and correlate the destination IP (at the moment) with
>> the IPs/mask you have in the TLS client domain.
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 2021
>>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>>
>> On 9/28/21 3:03 AM, jacky z wrote:
>>
>> Hi Team,
>>
>> I want to use MSILO to forward offline messages. I use TLS connections
>> and have set up both server domain and client domains. If we don't
>> use outbound_proxy, the logs show no error, but the message just was not
>> sent. I searched online and it was said that the outbound proxy needs to be
>> used. However, if we use outbound_proxy, there will be errors- no TLS
>> client domain found. Actually, I have set up the client domain. It seems
>> the MSILO module can't recognize the client domain. I have checked the
>> messages were all in the database table silo. Have you ever encountered
>> such issues? Any clue to debug? Thanks!
>>
>> Here are the scripts and logs
>>
>> When m_dump() is called in "REGISTER":
>>
>>  if (m_dump()) {
>>  xlog("MSILO: offline messages dumped - if they were");
>>  }else{
>>  xlog("MSILO: no offline messages dumped");
>>  };
>>
>> It can dump the message from the database but can't send the message.
>> Here is the log:
>>
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
>> method:
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
>> uri: sip:10...@xxx.com:5061;transport=tls
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
>> version: 
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
>> DBG:core:parse_headers: flags=
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
>> DBG:core:parse_via_param: found param type 232, = ;
>> state=16
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_via:
>> end of header reached, state=5
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
>> DBG:core:parse_headers: via found, flags=
>> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
>> DBG:core:parse_headers: this is the first via
>> S

[OpenSIPS-Users] config 477 for offline message

2021-10-13 Thread jacky z
Hi Team,

I am working on msilo module for offline message processing. When a message
receiver just closed the user agent but the server hasn't updated the
"location", the server will try to send the message several times through
TCP/TLS and failed with "477". How can we capture this "477" and m_store
the offline message? It seems the sample scripts don't handle this
scenario. I also tried the following scripts in the route[relay] and the
scripts were not executed based on the log. Appreciate your help! Thanks!

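if (!t_relay(0x02)) {
    # relay failed; with the 0x02 flag TM does not send the 477 itself
    if (is_method("MESSAGE")) {
        # keep the MESSAGE in the silo table for a later m_dump()
        if (m_store("$ou")) {
            log("MSILO: offline message stored\n");
            send_reply(202, "Accepted");
        } else {
            log("MSILO: offline message NOT stored\n");
            send_reply(503, "Service Unavailable");
        }
        exit;
    }
}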


Re: [OpenSIPS-Users] MSILO can't send message

2021-10-13 Thread jacky z
Hi Bogdan-Andrei,

Finally made it send offline message by setting

modparam("msilo", "outbound_proxy", "sip:name.domain.com:5061;transport=tls")
modparam("tls_mgm", "match_sip_domain", "[dom]*")

It seems the port number needs to be included and the match_sip_domain
needs to be *. If the domain name is included, the error happens. Hope this
info is helpful for others who may be interested.

However, it still can't send the dumped message, but send "[Offline message
- Thu Jan  1 08:00:00 1970" no matter what the message is. It seems the
message was truncated. Based on the source code of the msilo module, the
message should be something like  "[Offline message - Thu Jan  1 08:00:00
1970] message here".

In the log, I can see the correct message was read out from the silo table.
Here is the log that shows the correct offline message that should be sent:

DBG:db_mysql:db_mysql_str2val: converting BLOB [{"type":"1","cont":"the
right message"}]

Thanks!


Hi Jacky,
>
> The m_dump() sends the MESSAGE to the AOR of the user, so, ideally, you
> should take care of the "lookup(location)" in order to get it
> properly routed.
>
> For the TLS part, do you use it between the end-point and opensips? If so,
> I guess the MESSAGE sent by m_dump() and looping back to opensips (for
> doing the lookup(location)) is via UDP?
>
> I'm asking as from the TLS perspective the most important thing to know is
> where (in the routing logic) the TLS connection gets used/opened, as you
> need to be sure and correlate the destination IP (at the moment) with the
> IPs/mask you have in the TLS client domain.
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 2021
>   https://opensips.org/training/OpenSIPS_eBootcamp_2021/
>
> On 9/28/21 3:03 AM, jacky z wrote:
>
> Hi Team,
>
> I want to use MSILO to forward offline messages. I use TLS connections and
> have set up both server domain and client domains. If we don't
> use outbound_proxy, the logs show no error, but the message just was not
> sent. I searched online and it was said that the outbound proxy needs to be
> used. However, if we use outbound_proxy, there will be errors- no TLS
> client domain found. Actually, I have set up the client domain. It seems
> the MSILO module can't recognize the client domain. I have checked the
> messages were all in the database table silo. Have you ever encountered
> such issues? Any clue to debug? Thanks!
>
> Here are the scripts and logs
>
> When m_dump() is called in "REGISTER":
>
>   if (m_dump()) {
>   xlog("MSILO: offline messages dumped - if they were");
>   }else{
>   xlog("MSILO: no offline messages dumped");
>   };
>
> It can dump the message from the database but can't send the message. Here
> is the log:
>
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
> method:
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
> uri: sip:10...@xxx.com:5061;transport=tls
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
> version: 
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:parse_headers: flags=
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:parse_via_param: found param type 232, = ;
> state=16
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_via:
> end of header reached, state=5
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:parse_headers: via found, flags=
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:parse_headers: this is the first via
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:parse_to_param: transport=tls
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:_parse_to:
> end of header reached, state=29
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:_parse_to:
> display={}, ruri={sip:10...@xxx.com:5061}
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:get_hdr_field: [50]; uri=[sip:10...@xxx.com:5061]
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:get_hdr_field: to body [sip:10...@xxx.com:5061]
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:get_hdr_field: cseq : <10>
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:get_hdr_field: content_length=78
> Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
> DBG:core:get_hdr_field: found end of header
> Sep 18 17:29:55 sipserver /usr

[OpenSIPS-Users] MSILO can't send message

2021-09-27 Thread jacky z
Hi Team,

I want to use MSILO to forward offline messages. I use TLS connections and
have set up both server domain and client domains. If we don't
use outbound_proxy, the logs show no error, but the message just was not
sent. I searched online and it was said that the outbound proxy needs to be
used. However, if we use outbound_proxy, there will be errors- no TLS
client domain found. Actually, I have set up the client domain. It seems
the MSILO module can't recognize the client domain. I have checked the
messages were all in the database table silo. Have you ever encountered
such issues? Any clue to debug? Thanks!

Here are the scripts and logs

When m_dump() is called in "REGISTER":

if (m_dump()) {
    xlog("MSILO: offline messages dumped - if they were");
} else {
    xlog("MSILO: no offline messages dumped");
};

It can dump the message from the database but can't send the message. Here
is the log:

Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
method:
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
uri: sip:10...@xxx.com:5061;transport=tls
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_msg:
version: 
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_headers:
flags=
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:core:parse_via_param: found param type 232, = ;
state=16
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_via: end
of header reached, state=5
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_headers:
via found, flags=
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_headers:
this is the first via
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:core:parse_to_param: transport=tls
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:_parse_to: end
of header reached, state=29
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:_parse_to:
display={}, ruri={sip:10...@xxx.com:5061}
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:get_hdr_field:
[50]; uri=[sip:10...@xxx.com:5061]
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:get_hdr_field:
to body [sip:10...@xxx.com:5061]
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:get_hdr_field:
cseq : <10>
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:get_hdr_field:
content_length=78
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:get_hdr_field:
found end of header
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_headers:
flags=
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:parse_headers:
flags=78
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 119
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 142.107.16.203

Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: DBG:core:tcpconn_new:
on port 5061, proto 3
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:proto_tls:tls_conn_init: Creating a whole new ssl connection
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
ERROR:proto_tls:tls_conn_init: no TLS client domain found
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
ERROR:core:tcp_conn_new: failed to do proto 3 specific init for conn
0x7f0559e116b8
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
DBG:core:tcpconn_destroy: destroying connection 0x7f0559e116b8, flags 0018
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
ERROR:proto_tls:tls_sync_connect: tcp_conn_create failed, closing the socket
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]:
ERROR:proto_tls:proto_tls_send: connect failed
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: ERROR:tm:msg_send: send()
to 142.107.16.203:5061 for proto tls/3 failed
Sep 18 17:29:55 sipserver /usr/sbin/opensips[9794]: ERROR:tm:t_uac: attempt
to send to 'sip:10...@xxx.com:5061;transport=tls' failed