Re: [OpenSIPS-Users] OpenSIPS : no 407 retransmission

2022-05-04 Thread Daniel Zanutti 
Well, I don't have your script, cannot help further. If you are proxying,
you should proxy every message.

Maybe you are mixing stateful and stateless forwarding and are not handling
all scenarios?

It could be an Opensips problem, but again, don't know what you are doing
internally.



On Wed, May 4, 2022 at 2:19 PM Yannick LE COENT 
wrote:

> Hi Daniel,
>
> I do not think the ACK is sent by my script. It is sent by the TM module
> since it is a negative response.
> Am I wrong ?
>
> Thanks,
> Yannick
>
> Le 04/05/2022 à 18:48, Daniel Zanutti a écrit :
>
> Hi Yannick
>
> I think you should not reply with ACK to the 407 from destination. Just
> forward 407 to origin and wait for ACK. As soon you receive ACK from
> origin, you forward to destination.
>
> It's more like a stateless but I believe it's the only way.
>
> Regards
>
> On Tue, May 3, 2022 at 12:16 PM Yannick LE COENT <
> yannick.leco...@nexcom.fr> wrote:
>
>> Hello Daniel,
>>
>> This is not what I looking for.
>> My OpenSIPS instance is working as a relay between the softphone and
>> another proxy (proxy#2 in the call).
>> So it does not handle authentication.
>>
>> Alice   OpenSIPS  Proxy#2
>>| INVITE ||
>>|--->| INVITE |
>>|  100 Tring |--->|
>>|<---|407 |
>>||<---|
>>|| ACK|
>>||--->|
>>|407 ||
>>| X<-||
>>|  (no retrans.) ||
>>
>> When the 407 is lost between OpenSIPS and Alice, it is not retransmitted
>> by OpenSIPS.
>>
>> I would like to force retransmission.
>>
>> Thanks,
>> Yannick
>>
>> Le 03/05/2022 à 15:16, Daniel Zanutti a écrit :
>>
>> Generate in Stateful -> www_challenge or proxy_challenge?
>> https://opensips.org/html/docs/modules/3.2.x/auth.html
>>
>> Is this what you are looking for?
>>
>>
>> On Tue, May 3, 2022 at 3:50 AM Yannick LE COENT <
>> yannick.leco...@nexcom.fr> wrote:
>>
>>> Hello all,
>>>
>>> Could you tell if there is a way to enable 407 in stateful mode ?
>>>
>>> Thanks,
>>> Yannick
>>>
>>> Le 30/04/2022 à 18:14, Yannick LE COENT a écrit :
>>>
>>> Hello Ben,
>>>
>>> Thanks for your answer.
>>>
>>> This problem occurs when OpenSIPS is not in charge of authenticating the
>>> INVITE request, but this is done downstream.
>>> I've sent this question to know if somebody has already solved this kind
>>> of problem.
>>>
>>> Best regards,
>>> Yannick
>>>
>>> Le 30/04/2022 à 16:15, Ben Newlin a écrit :
>>>
>>> I see. Apologies, I misunderstood the problem scenario.
>>>
>>>
>>>
>>> Ben Newlin
>>>
>>>
>>>
>>> *From: *Users 
>>>  on behalf of Yannick LE COENT
>>>  
>>> *Date: *Saturday, April 30, 2022 at 5:46 AM
>>> *To: *OpenSIPS users mailling list 
>>> 
>>> *Subject: *Re: [OpenSIPS-Users] OpenSIPS : no 407 retransmission
>>>
>>> *EXTERNAL EMAIL - Please use caution with links and attachments *
>>>
>>>
>>> --
>>>
>>> Hello Ben,
>>>
>>> The 407 is sent upstream, but when it is lost, it is not retransmitted
>>> by OpenSIPS.
>>> I do not have this problem with other negative status codes (e.g. 486).
>>>
>>> This is clearly explained in
>>> https://opensips.org/pub/opensips/1.8.6/src/ChangeLog
>>>
>>> 2012-03-21 18:36:58  Bogdan-Andrei Iancu, 
>>> * [8811] :
>>>
>>> TM will no longer do retransmission for the 407/401 replies (if no
>>> ACK is received) for both local or proxied replies.
>>>
>>> According to RFC 3261, retransmitting 407s/401s is probably a bad
>>> idea:
>>>
>>> 26.3.2.4 DoS Protection
>>>
>>> At the moment, my only solution is to use forward() instead of t_relay()
>>> in order to use the stateless mode.
>>>
>>> Yannick
>>>
>>>
>>> Yannick,
>>>
>>>
>>>
>>> The default behavior of OpenSIPS is to relay any received responses back 
>>> upstream. If it is not doing that it would have to be because you are 
>>> stopping it in the script. Take a look at the documentation for 
>>> failure_route [1] which explains this. Check your own failure_route in your 
>>> script; you must be doing something there that is telling OpenSIPS not to 
>>> relay the 401/407 back upstream.
>>>
>>>
>>>
>>> [1] https://www.opensips.org/Documentation/Script-Routes-2-4#toc3
>>>
>>>
>>>
>>> Ben Newlin
>>>
>>>
>>>
>>> From: Users  
>>>  on behalf of Yannick LE COENT 
>>>  
>>>
>>> Date: Friday, April 29, 2022 at 6:44 PM
>>>
>>> To: users@lists.opensips.org  
>>> 
>>>
>>> Subject: [OpenSIPS-Users] OpenSIPS : no 407 retransmission
>>>
>>> EXTERNAL EMAIL - Please use caution with links and attachments
>>>
>>>
>>>
>>> Hello,
>>>
>>>
>>>
>>> I'm using OpenSIPS as a proxy in front of another proxy. The 2nd proxy
>>>
>>> is in charge of authenticating the request.
>>>
>>>
>>>
>>> This is the callflow:
>>>
>>>
>>>
>>> Alice   OpenSIPS  Proxy#2
>>>
>>>| INVITE ||
>>>
>>>|---

Re: [OpenSIPS-Users] OpenSIPS : no 407 retransmission

2022-05-04 Thread Yannick LE COENT 

Hi Daniel,

I do not think the ACK is sent by my script. It is sent by the TM module 
since it is a negative response.

Am I wrong ?

Thanks,
Yannick

Le 04/05/2022 à 18:48, Daniel Zanutti a écrit :

Hi Yannick

I think you should not reply with ACK to the 407 from destination. 
Just forward 407 to origin and wait for ACK. As soon you receive ACK 
from origin, you forward to destination.


It's more like a stateless but I believe it's the only way.

Regards

On Tue, May 3, 2022 at 12:16 PM Yannick LE COENT 
 wrote:


Hello Daniel,

This is not what I looking for.
My OpenSIPS instance is working as a relay between the softphone
and another proxy (proxy#2 in the call).
So it does not handle authentication.

Alice   OpenSIPS Proxy#2
   | INVITE | |
|--->| INVITE |
|  100 Tring |--->|
|<---|    407 |
|    |<---|
|    | ACK    |
|    |--->|
|    407 |    |
| X<-|    |
   |  (no retrans.) | |

When the 407 is lost between OpenSIPS and Alice, it is not
retransmitted by OpenSIPS.

I would like to force retransmission.

Thanks,
Yannick

Le 03/05/2022 à 15:16, Daniel Zanutti a écrit :

Generate in Stateful -> www_challenge or proxy_challenge?
https://opensips.org/html/docs/modules/3.2.x/auth.html

Is this what you are looking for?


On Tue, May 3, 2022 at 3:50 AM Yannick LE COENT
 wrote:

Hello all,

Could you tell if there is a way to enable 407 in stateful mode ?

Thanks,
Yannick

Le 30/04/2022 à 18:14, Yannick LE COENT a écrit :

Hello Ben,

Thanks for your answer.

This problem occurs when OpenSIPS is not in charge of
authenticating the INVITE request, but this is done downstream.
I've sent this question to know if somebody has already
solved this kind of problem.

Best regards,
Yannick

Le 30/04/2022 à 16:15, Ben Newlin a écrit :


I see. Apologies, I misunderstood the problem scenario.

Ben Newlin

*From: *Users 
 on behalf of
Yannick LE COENT 

*Date: *Saturday, April 30, 2022 at 5:46 AM
*To: *OpenSIPS users mailling list
 
*Subject: *Re: [OpenSIPS-Users] OpenSIPS : no 407
retransmission

*EXTERNAL EMAIL - Please use caution with links and
attachments *



Hello Ben,

The 407 is sent upstream, but when it is lost, it is not
retransmitted by OpenSIPS.
I do not have this problem with other negative status codes
(e.g. 486).

This is clearly explained in
https://opensips.org/pub/opensips/1.8.6/src/ChangeLog

2012-03-21 18:36:58  Bogdan-Andrei Iancu, 
    * [8811] :

    TM will no longer do retransmission for the 407/401
replies (if no ACK is received) for both local or
proxied replies.

    According to RFC 3261, retransmitting 407s/401s is
probably a bad idea:

    26.3.2.4 DoS Protection

At the moment, my only solution is to use forward() instead
of t_relay() in order to use the stateless mode.

Yannick


Yannick,

  


The default behavior of OpenSIPS is to relay any received responses 
back upstream. If it is not doing that it would have to be because you are 
stopping it in the script. Take a look at the documentation for failure_route 
[1] which explains this. Check your own failure_route in your script; you must 
be doing something there that is telling OpenSIPS not to relay the 401/407 back 
upstream.

  


[1]https://www.opensips.org/Documentation/Script-Routes-2-4#toc3

  


Ben Newlin

  


From: Users  
  on behalf of Yannick LE 
COENT  

Date: Friday, April 29, 2022 at 6:44 PM

To:users@lists.opensips.org


Subject: [OpenSIPS-Users] OpenSIPS : no 407 retransmission

EXTERNAL EMAIL - Please use caution with links and attachments

  


Hello,

  


I'm using OpenSIPS as a proxy in front of another proxy. The 2nd 
proxy

is in charge of authenticating the request.

  


This is the callflow:

  


Alice   OpenSIPS  Proxy#2

    | INVITE |   

Re: [OpenSIPS-Users] OpenSIPS : no 407 retransmission

2022-05-04 Thread Daniel Zanutti 
Hi Yannick

I think you should not reply with ACK to the 407 from destination. Just
forward 407 to origin and wait for ACK. As soon you receive ACK from
origin, you forward to destination.

It's more like a stateless but I believe it's the only way.

Regards

On Tue, May 3, 2022 at 12:16 PM Yannick LE COENT 
wrote:

> Hello Daniel,
>
> This is not what I looking for.
> My OpenSIPS instance is working as a relay between the softphone and
> another proxy (proxy#2 in the call).
> So it does not handle authentication.
>
> Alice   OpenSIPS  Proxy#2
>| INVITE ||
>|--->| INVITE |
>|  100 Tring |--->|
>|<---|407 |
>||<---|
>|| ACK|
>||--->|
>|407 ||
>| X<-||
>|  (no retrans.) ||
>
> When the 407 is lost between OpenSIPS and Alice, it is not retransmitted
> by OpenSIPS.
>
> I would like to force retransmission.
>
> Thanks,
> Yannick
>
> Le 03/05/2022 à 15:16, Daniel Zanutti a écrit :
>
> Generate in Stateful -> www_challenge or proxy_challenge?
> https://opensips.org/html/docs/modules/3.2.x/auth.html
>
> Is this what you are looking for?
>
>
> On Tue, May 3, 2022 at 3:50 AM Yannick LE COENT 
> wrote:
>
>> Hello all,
>>
>> Could you tell if there is a way to enable 407 in stateful mode ?
>>
>> Thanks,
>> Yannick
>>
>> Le 30/04/2022 à 18:14, Yannick LE COENT a écrit :
>>
>> Hello Ben,
>>
>> Thanks for your answer.
>>
>> This problem occurs when OpenSIPS is not in charge of authenticating the
>> INVITE request, but this is done downstream.
>> I've sent this question to know if somebody has already solved this kind
>> of problem.
>>
>> Best regards,
>> Yannick
>>
>> Le 30/04/2022 à 16:15, Ben Newlin a écrit :
>>
>> I see. Apologies, I misunderstood the problem scenario.
>>
>>
>>
>> Ben Newlin
>>
>>
>>
>> *From: *Users 
>>  on behalf of Yannick LE COENT
>>  
>> *Date: *Saturday, April 30, 2022 at 5:46 AM
>> *To: *OpenSIPS users mailling list 
>> 
>> *Subject: *Re: [OpenSIPS-Users] OpenSIPS : no 407 retransmission
>>
>> *EXTERNAL EMAIL - Please use caution with links and attachments *
>>
>>
>> --
>>
>> Hello Ben,
>>
>> The 407 is sent upstream, but when it is lost, it is not retransmitted by
>> OpenSIPS.
>> I do not have this problem with other negative status codes (e.g. 486).
>>
>> This is clearly explained in
>> https://opensips.org/pub/opensips/1.8.6/src/ChangeLog
>>
>> 2012-03-21 18:36:58  Bogdan-Andrei Iancu, 
>> * [8811] :
>>
>> TM will no longer do retransmission for the 407/401 replies (if no
>> ACK is received) for both local or proxied replies.
>>
>> According to RFC 3261, retransmitting 407s/401s is probably a bad
>> idea:
>>
>> 26.3.2.4 DoS Protection
>>
>> At the moment, my only solution is to use forward() instead of t_relay()
>> in order to use the stateless mode.
>>
>> Yannick
>>
>>
>> Yannick,
>>
>>
>>
>> The default behavior of OpenSIPS is to relay any received responses back 
>> upstream. If it is not doing that it would have to be because you are 
>> stopping it in the script. Take a look at the documentation for 
>> failure_route [1] which explains this. Check your own failure_route in your 
>> script; you must be doing something there that is telling OpenSIPS not to 
>> relay the 401/407 back upstream.
>>
>>
>>
>> [1] https://www.opensips.org/Documentation/Script-Routes-2-4#toc3
>>
>>
>>
>> Ben Newlin
>>
>>
>>
>> From: Users  
>>  on behalf of Yannick LE COENT 
>>  
>>
>> Date: Friday, April 29, 2022 at 6:44 PM
>>
>> To: users@lists.opensips.org  
>> 
>>
>> Subject: [OpenSIPS-Users] OpenSIPS : no 407 retransmission
>>
>> EXTERNAL EMAIL - Please use caution with links and attachments
>>
>>
>>
>> Hello,
>>
>>
>>
>> I'm using OpenSIPS as a proxy in front of another proxy. The 2nd proxy
>>
>> is in charge of authenticating the request.
>>
>>
>>
>> This is the callflow:
>>
>>
>>
>> Alice   OpenSIPS  Proxy#2
>>
>>| INVITE ||
>>
>>|--->| INVITE |
>>
>>|  100 Tring |--->|
>>
>>|<---|407 |
>>
>>||<---|
>>
>>|| ACK|
>>
>>||--->|
>>
>>|407 ||
>>
>>| X<-||
>>
>>|||
>>
>>
>>
>> Since OpenSIPS does not retransmit 401/407, the call setup gets stuck.
>>
>>
>>
>> What can I do ?
>>
>> If I set auto_100trying=1, that works, but this increases the number of
>>
>> INVITE retransmissions since 180Ringing are not received instantly.
>>
>>
>>
>> Do you have any suggestion ?
>>
>>
>>
>> Thanks,
>>
>> Yannick
>>
>>
>> ___
>> Users mailing

Re: [OpenSIPS-Users] Query regarding AWS document BD using through Opensips .

2022-05-04 Thread Sasmita Panda 
Hi,

Its not about the domain length . Its about the tls parameter . When I
created a document db without tls that was connected successfully . I think
with tls , the configuration is something different which I am missing .

Thanks for your suggestion.


*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*


On Fri, Apr 29, 2022 at 7:05 PM Kevin Wormington 
wrote:

> Hi Samita,
>
> I don’t have any experience with AWS but from the error message OpenSIPS
> is logging the hostname of the server cannot be resolved.  The hostname
> also appears to be truncated.   Have you tried using the IP address instead
> of hostname or making a CNAME dns entry for the host that is shorter?
>  Perhaps this is some parameter length limit.
>
> Kevin
> > On Apr 29, 2022, at 8:23 AM, Sasmita Panda  wrote:
> >
> > Hi All ,
> >
> >
> > I was exploring fullsharing-cachedb-cluster in opensips 3.2 . I have
> tested this with single stand alone mongo db instance . Its working
> perfectly fine .
> >
> > I know that AWS document DB is mongodb compatible . So I want to explore
> that . Because we are using AWS cloud for our deployment .
> >
> > I have created a single instance of Document DB cluster . I want to
> connect to that from the opensips script . There was no error while
> starting opensips . But when opensips tried to write data in the db its
> threw an error .
> >
> >
> >  ERROR:usrloc:release_urecord: failed to flush AoR
> default_line_11...@p2p-cachedb.xyz.com
> >  ERROR:cachedb_mongodb:mongo_con_update: last error: 15.13053: No
> suitable servers found (`serverselectiontryonce` set): [Failed to resolve
> 'docdb-2022-04-27-10-26-28.cluster-cryhhicuxgzu.us-east-1.docdb.amdocdb-2022-04-27-10-26-28.cluster-cryhhicuxgzu.us-east-1.docdb.amazona']
> >  ERROR:usrloc:cdb_flush_urecord: cache update query for AoR
> hynode2_calldefa...@p2p-cachedb.xyz.com failed!
> >
> >
> > My configuration file looks like below  . same for usrloc and db_cachedb
> >
> > modparam("cachedb_mongodb", "cachedb_url","mongodb://
> > ?
> master:opensi...@docdb-2022.cluster-cryhhicuxgzu.us-east-1.docdb.amazonaws.com:27017/db.test/
> >
> ?ssl=true&ssl_ca_certs=/usr/local/src/etc/opensips/rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false")
> >
> > In document db it also its says the same way we can connect to docdb
> from an application .
> >
> > I have tried so many ways to resolve this . But without any luck .
> Please help me out if anybody has used a document db through any
> application can also reply .
> >
> >
> > Thanks & Regards
> > Sasmita Panda
> > Senior Network Testing and Software Engineer
> > 3CLogic , ph:07827611765
> > ___
> > Users mailing list
> > Users@lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TCP connection relay issue

2022-05-04 Thread Devang Dhandhalya via Users 
Hi All

Issue is whenever i am sending Register or INVITE request with TCP in
opensips using tcp connection to relay request to Freeswitch server while i
want to use UDP socket to send Request from OpenSIPs to Freeswitch , using
mid registrar for registering users.
OpenSIPS version : 3.2.2

flow :end user -> OpenSIPS -> Freeswitch -> OpenSIPS -> enduser
OpenSIPS configuration  :
tcp_connect_timeout=3000
tcp_connection_lifetime = 3615

socket=udp:192.168.0.1:5060 as 1.2.3.4:5060
socket=tcp:192.168.0.1:5060 as 1.2.3.4:5060

loadmodule "proto_tcp.so"
modparam("proto_tcp", "tcp_async", 1)
modparam("proto_tcp", "tcp_send_timeout", 3000)
modparam("proto_tcp", "tcp_async_local_connect_timeout", 3000)
modparam("proto_tcp", "tcp_async_local_write_timeout", 3000)
modparam("proto_tcp", "tcp_max_msg_chunks", 8)

I used force_send_socket , $fs function to use UDP socket but still
OpenSIPS using tcp connection for relay packet to Freeswitch any other
functionality which overwrites this core function .
In another setup the same configuration but opensips sends requests using a
UDP socket. That's strange for me because of the same setup  .
There is a particular configuration that we use tcp connection / UDP socket
to relay packets.

Kindly inform me how we send requests using UDP socket instead of tcp
connections.

Regards
Devang Dhandhalya

-- 
*Disclaimer*
In addition to generic Disclaimer which you have agreed on our 
website, any views or opinions presented in this email are solely those of 
the originator and do not necessarily represent those of the Company or its 
sister concerns. Any liability (in negligence, contract or otherwise) 
arising from any third party taking any action, or refraining from taking 
any action on the basis of any of the information contained in this email 
is hereby excluded.



*Confidentiality*
This communication (including any 
attachment/s) is intended only for the use of the addressee(s) and contains 
information that is PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, 
dissemination, distribution, or copying of this communication is 
prohibited. Please inform originator if you have received it in error.


*Caution for viruses, malware etc.*
This communication, including any 
attachments, may not be free of viruses, trojans, similar or new 
contaminants/malware, interceptions or interference, and may not be 
compatible with your systems. You shall carry out virus/malware scanning on 
your own before opening any attachment to this e-mail. The sender of this 
e-mail and Company including its sister concerns shall not be liable for 
any damage that may incur to you as a result of viruses, incompleteness of 
this message, a delay in receipt of this message or any other computer 
problems. 
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users