I was able to determine that the relay is using TCP. I am encountering this error on the mediaproxy-relay machine
Sep 24 18:38:44 media-relay[9744]: error: Connection with dispatcher at xxx.xxx.xxx:25061 was lost: TCP connection timed out. Sep 24 18:38:55 media-relay[9744]: error: Could not decode command/sequence number pair from dispatcher: error Sep 24 18:39:05 media-relay[9744]: error: Could not decode command/sequence number pair from dispatcher: error Sep 24 18:39:15 media-relay[9744]: error: Could not decode command/sequence number pair from dispatcher: error and on the mediaproxy-dispatcher Sep 24 18:31:46 media-dispatcher[19071]: error: Unknown command on management interface: ping Sep 24 18:31:56 media-dispatcher[19071]: error: Unknown command on management interface: ping Sep 24 18:32:06 media-dispatcher[19071]: error: Unknown command on management interface: ping I have already set the value on the dispatcher config.ini listen_management = 0.0.0.0 ; Whether or not to use TLS on the management interface. Note that the same ; TLS credentials are used for both the relay and the management interface ; connections. ; ; Default value is yes. ; management_use_tls = yes ; Specify extra checks to be performed on the relay TLS credentials before ; considering the connection with the relay succesful. The passport is ; specified as a list of attribute/value pairs in the form: ; AN:value[, AN:value...] ; where the attribute name (AN) is one of the available attribute names from ; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The value is a ; string that has to match with the corresponding attribute value from the ; relay certificate. A wildcard (*) can be used in the value at the beginning ; or the end of the string to indicate that the corresponding attribute from ; the relay certificate must end with respectively to start with the given ; string (excluding the wildcard). ; For example using this passport: ; passport = O:AG Projects, CN:relay* ; means that a connection with a relay will only be accepted if the relay ; certificate subject has organization set to "AG Projects" and the common ; name starts with "relay". To specify that no additional identity checks ; need to be performed, use the keyword None. If passport is None, then only ; the certificate signature is verified agains the certificate authority in ; tls/ca.pem (signature is always verified even when passport is None). ; ; Default value is None. ; passport = None ; This option is similar to passport above, but applies to the management ; interface connections instead of relay connections. It specifies extra ; checks to be performed on the TLS credentials suplied by an entity that ; connects to the management interface. Please consult passport above for ; a detailed description of the possible values for this option. ; ; If management_use_tls is false, this option is ignored. ; ; Default value is None. ; management_passport = None What part did I misconfigure mediaproxy? Dan Pascu wrote: > > > On 24 Sep 2009, at 09:33, bay2x1 wrote: > >> >> How would I be able to determine if the dispatcher or the relay is >> using TCP >> or TLS. I have already disabled in the opensips.cfg the tcp, but I >> still >> get the same error. >> > > They always use TLS. The only place where you can configure it to use > TCP, is the dispatcher management interface. Also opensips.cfg has > nothing to do with the mediaproxy applications. Those are configured > in /etc/init.d/config.ini > >> >> >> Dan Pascu wrote: >>> >>> >>> On 13 Aug 2009, at 02:21, bay2x1 wrote: >>> >>>> >>>> I haven't resolved this problem. Further exploration revealed that >>>> both >>>> relay and dispatcher are working. The only problem is during the >>>> handshake >>>> between dispatcher and relay. The dispatcher is refusing the relay >>>> connection. I have downloaded the sample tls certificates from the >>>> svn >>>> repository because I believe this might resolve the problem still >>>> the >>>> problem persists. >>> >>> I have no idea what certificates those are. You should ask the svn >>> repository owner what's up with them. We do not provide any >>> certificates in any svn repository. >>> >>>> I am correct to say that I am using the correct >>>> certificates if my CDRTool on Network and Session section is able to >>>> connect >>>> to the mediaproxy-dispatcher. >>> >>> No. CDRTool uses a single file certificate, while the dispatcher and >>> relay use separate certificate and private key files. Read tls/README >>> >>>> I have observed it previously that if I dont >>>> have the proper mediaproxy.hostname.com.pem file I encounter this >>>> error == >>>> Error connecting to tls://hostname.com:25061: (111). With my >>>> current >>>> CDRTool configuration I am able to connect to media dispatcher >>>> properly. I >>>> am wondering why I am receiving >>>> Error: A TLS packet with unexpected length was received. >>> >>> That error message appears when a non-TLS client tries to connect >>> to a >>> TLS server, or the other way around. One of your endpoints is TCP the >>> other TLS. >>> >>>> >>>> >>>> >>>> >>>> bay2x1 wrote: >>>>> >>>>> I am encountering this error with mediaproxy. Mediaproxy-relay and >>>>> Mediaproxy-dispatcher is not on the same machine. >>>>> Every time I restart mediaproxy-relay on the other computer I got >>>>> this log >>>>> error on the machine where mediaproxy-dispatcher is running. I >>>>> have check >>>>> both relay and dispatcher have the same version 2.3.4. >>>>> >>>>> error: Connection with relay at 176.16.100.150 was lost: A TLS >>>>> packet with >>>>> unexpected length was received. >>>>> >>>>> Everytime I restart dispatcher I get this log warning >>>>> >>>>> Aug 9 20:42:04 phoenix303 media-dispatcher[10797]: Received >>>>> SIGTERM, >>>>> shutting down. >>>>> Aug 9 20:42:04 phoenix303 media-dispatcher[10797]: (Port None >>>>> Closed) >>>>> Aug 9 20:42:04 phoenix303 media-dispatcher[10797]: (Port 25061 >>>>> Closed) >>>>> Aug 9 20:42:04 phoenix303 media-dispatcher[10797]: (Port 25060 >>>>> Closed) >>>>> Aug 9 20:42:04 phoenix303 media-dispatcher[10797]: Connection with >>>>> relay >>>>> at 176.16.100.150 was closed >>>>> Aug 9 20:42:04 phoenix303 media-dispatcher[10797]: Main loop >>>>> terminated. >>>>> Aug 9 20:42:05 phoenix303 media-dispatcher[10816]: Log opened. >>>>> Aug 9 20:42:05 phoenix303 media-dispatcher[10816]: warning: >>>>> startSyslog >>>>> is being deprecated and will be removed in 1.2.0. Use the >>>>> start_syslog >>>>> function instead. >>>>> Aug 9 20:42:05 phoenix303 media-dispatcher[10816]: Starting >>>>> MediaProxy >>>>> Dispatcher 2.3.4 >>>>> Aug 9 20:42:05 phoenix303 media-dispatcher[10816]: Twisted is >>>>> using >>>>> epollreactor >>>>> Aug 9 20:42:06 phoenix303 media-dispatcher[10816]: >>>>> mediaproxy.dispatcher.RelayFactory starting on 25060 >>>>> Aug 9 20:42:06 phoenix303 media-dispatcher[10816]: >>>>> mediaproxy.dispatcher.OpenSIPSControlFactory starting on >>>>> "'/var/run/mediaproxy/dispatcher.sock'" >>>>> Aug 9 20:42:06 phoenix303 media-dispatcher[10816]: >>>>> mediaproxy.dispatcher.ManagementControlFactory starting on 25 >>>>> >>>>> >>>>> >>>> >>>> >>>> ----- >>>> http://opensips.blogspot.com http://opensips.blogspot.com >>>> -- >>>> View this message in context: >>>> http://n2.nabble.com/Error%3A-A-TLS-packet-with-unexpected-length-was-received.-tp3415244p3434560.html >>>> Sent from the OpenSIPS - Users mailing list archive at Nabble.com. >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> >>> -- >>> Dan >>> >>> >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> >> >> >> ----- >> http://opensips.blogspot.com http://opensips.blogspot.com >> -- >> View this message in context: >> http://n2.nabble.com/Error-A-TLS-packet-with-unexpected-length-was-received-tp3415244p3704412.html >> Sent from the OpenSIPS - Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > -- > Dan > > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ----- http://opensips.blogspot.com http://opensips.blogspot.com -- View this message in context: http://n2.nabble.com/Error-A-TLS-packet-with-unexpected-length-was-received-tp3415244p3709810.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
