Hi, I'm getting a problem connecting to one of my uplink peers, every time I can see this error:
Apr 23 19:01:04 INFO:core:probe_max_sock_buff: using snd buffer of 416 kb Apr 23 19:01:04 INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 6 Apr 23 19:01:04 ERROR:core:tcp_connect_blocking_timeout: timeout 99221 ms elapsed from 100000 s Apr 23 19:01:04 ERROR:proto_tls:tls_sync_connect: tcp_blocking_connect failed Apr 23 19:01:04 ERROR:proto_tls:proto_tls_send: connect failed Apr 23 19:01:04 ERROR:tm:msg_send: send() to X.X.X.X:5061 for proto tls/3 failed Apr 23 19:01:04 ERROR:tm:t_forward_nonack: sending request failed At the very same time from the same server I can issue a curl -vvvI https://X.X.X.X:5061 and it connects fine, gets SSL certificate and validates it fine too. Also I can connect with telnet on that port without any issues. But every time OpenSIPS tries to connect it just logs the error above. From tcpdump I can see that server has replied and OpenSIPS immediately sent a TCP RESET packet: 19:01:50.337572 IP OpenSIPS.42145 > X.X.X.X.5061: Flags [S], seq 2223035123, win 29200, options [mss 1460,sackOK,TS val 1224726953 ecr 0,nop,wscale 7], length 0 .-..p%.PV.gx..E..<*.@[email protected]]R.4rK...............r.9%......... H........... 19:01:50.634142 IP X.X.X.X.5061 > OpenSIPS.42145: Flags [S.], seq 4293652737, ack 2223035124, win 8192, options [mss 1440,nop,wscale 8,sackOK,TS val 789606171 ecr 1224726953], length 0 .PV.gx.-..p%..E..<`<@.d.}.4rK.g]R............... .-n............. /.o.H... 19:01:50.634219 IP OpenSIPS.42145 > X.X.X.X.5061: Flags [R], seq 2223035124, win 0, length 0 .-..p%.PV.gx..E..(^q@[email protected]]R.4rK.............P...g... I've got a very basic TLS configuration on my server, here it is: modparam("tls_mgm", "tls_method", "TLSv1_2") modparam("tls_mgm", "tls_handshake_timeout", 20000) modparam("tls_mgm", "tls_send_timeout", 20000) modparam("tls_mgm", "client_domain_avp", "tls_sip_dom") modparam("tls_mgm", "ca_list", "/etc/opensips/ssl/ca_list.crt") modparam("tls_mgm", "certificate", "/etc/opensips/ssl/wildcard.crt") modparam("tls_mgm", "private_key", "/etc/opensips/ssl/wildcard.pem") modparam("tls_mgm", "verify_cert", "0") modparam("tls_mgm", "require_cert", "0") loadmodule "proto_udp.so" loadmodule "proto_hep.so" loadmodule "proto_tls.so" modparam("proto_tls", "tls_port", 7061) In the routing logic script I'm doing this (it's a test server so I'm only trying to connect via TLS): add_uri_param("transport=TLS"); rewritehostport("X.X.X.X:5061"); t_relay("tls:X.X.X.X:5061"); Any ideas why this may be happening? Thanks a lot! Best regards, Yury.
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
