Re: [OpenSIPS-Users] Wrong TCP socket being used on TLS registrations

2023-09-02 Thread rvg
Hi, again,

Did this work any time before?
I have force_rport(),  fix_nated_register() active and as follows:



if (nat_uac_test("diff-ip-src-contact")) {



if (is_method("REGISTER")) {



fix_nated_register();



setbflag("NAT");



} else {



fix_nated_contact();  <



setflag("NAT");



}



}


But in my tcpdump I only see 1 natted address. Which would mean opensips 
suddenly forgets the register with the other natted address  
fix_nated_register().
we would like to see both natted ip adresses. The public IPv4 address is the 
only one addressed.


Regards

Ronald






September 2, 2023 at 2:17 AM, "Ray Jackson"  wrote:


> 
> Hi all,
> 
>  
> 
> I'm facing a weird issue which I think is related to broken TCP socket reuse 
> logic where the wrong client is receiving incoming calls due to the wrong 
> socket being used for the incoming INVITE. 
> 
>  
> 
> The scenario is when I have 2 clients registering using TLS behind NAT at the 
> same Public IPv4 address and both clients are using the same private port 
> number.  So client 1 registers and the Via and contact header looks like: 
> 
>  
> 
> **Via: ** SIP/2.0/TLS 
> 192.168.42.162:5062;**branch=**z9hG4bK1409895926;rport;alias**Contact: ** 
> ;**reg-id=**2;+sip.instance="
>  urn:uuid:--1000-8000-C074AD928AC4 "
> 
>  
> 
> Client 2 registers from behind the same Public IPv4 address and the Via and 
> contact header looks like:
> 
>  
> 
> **Via: ** SIP/2.0/TLS 
> 192.168.42.186:5062;**branch=**z9hG4bK-aff1f3b3**Contact: ** 
> ;expire**s=**300
> 
>  
> 
> The location table shows Client 1 received field of 103.212.1.2:5062 and 
> Client 103.212.1.2:23456 
> 
>  
> 
> When a call comes in for Client 1 the location lookup seems to return the 
> correct 'received' address and port (e.g. 103.212.1.2:5062) and all the logs 
> indicate that this is where the SIP INVITE *should* be going to (in the $du 
> field).  However when you check the SIP traffic it selects Client 2's socket 
> and the traffic goes to port 23456 instead of 5062.
> 
>  
> 
> I think this is related somehow to the TCP port reuse logic inside Opensips.  
> My suspicion is that Opensips is looking at the Contact or Via port number 
> (which is the same for both client 1 and 2) and then somehow mapping this to 
> the wrong TCP received socket.
> 
>  
> 
> Does anybody have any suggestions here?  Should I be fixing the NAT in the 
> Contact header (using fix_nated_contact).  I read somewhere that you 
> shouldn't rewrite the Contact header to avoid problems with sending a 
> different Contact URI to the client on calls.  Or is this issue more related 
> to the Via header and the TCP port reuse logic looking at this port instead 
> of the actual received port when choosing the outgoing socket?
> 
>  
> 
> FYI: I am using both force_rport() and fix_nated_register() for incoming 
> registrations from these clients and matching_mode of 0 in usrloc.  However, 
> I am not using fix_nated_contact() for registrations.
> 
>  
> 
> Thanks,
> 
>  
> 
> Ray
>___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


Re: [OpenSIPS-Users] Wrong TCP socket being used on TLS registrations

2023-09-02 Thread rvg
Hi Ray,

I am interested the solution or comments you receive. I have a similar problem. 
I have no voice or oneway voice on one of the clients. But I could work around 
it as I am using softphones on iphones as client. My work around was to turn 
wifi off on one of the clients, so this client gets the public IP of the phone 
subscription. But I still have this problem is both clients are in the same NAT.

Regards,

Ronald



September 2, 2023 at 2:17 AM, "Ray Jackson"  wrote:


> 
> Hi all,
> 
>  
> 
> I'm facing a weird issue which I think is related to broken TCP socket reuse 
> logic where the wrong client is receiving incoming calls due to the wrong 
> socket being used for the incoming INVITE. 
> 
>  
> 
> The scenario is when I have 2 clients registering using TLS behind NAT at the 
> same Public IPv4 address and both clients are using the same private port 
> number.  So client 1 registers and the Via and contact header looks like: 
> 
>  
> 
> **Via: ** SIP/2.0/TLS 
> 192.168.42.162:5062;**branch=**z9hG4bK1409895926;rport;alias**Contact: ** 
> ;**reg-id=**2;+sip.instance="
>  urn:uuid:--1000-8000-C074AD928AC4 "
> 
>  
> 
> Client 2 registers from behind the same Public IPv4 address and the Via and 
> contact header looks like:
> 
>  
> 
> **Via: ** SIP/2.0/TLS 
> 192.168.42.186:5062;**branch=**z9hG4bK-aff1f3b3**Contact: ** 
> ;expire**s=**300
> 
>  
> 
> The location table shows Client 1 received field of 103.212.1.2:5062 and 
> Client 103.212.1.2:23456 
> 
>  
> 
> When a call comes in for Client 1 the location lookup seems to return the 
> correct 'received' address and port (e.g. 103.212.1.2:5062) and all the logs 
> indicate that this is where the SIP INVITE *should* be going to (in the $du 
> field).  However when you check the SIP traffic it selects Client 2's socket 
> and the traffic goes to port 23456 instead of 5062.
> 
>  
> 
> I think this is related somehow to the TCP port reuse logic inside Opensips.  
> My suspicion is that Opensips is looking at the Contact or Via port number 
> (which is the same for both client 1 and 2) and then somehow mapping this to 
> the wrong TCP received socket.
> 
>  
> 
> Does anybody have any suggestions here?  Should I be fixing the NAT in the 
> Contact header (using fix_nated_contact).  I read somewhere that you 
> shouldn't rewrite the Contact header to avoid problems with sending a 
> different Contact URI to the client on calls.  Or is this issue more related 
> to the Via header and the TCP port reuse logic looking at this port instead 
> of the actual received port when choosing the outgoing socket?
> 
>  
> 
> FYI: I am using both force_rport() and fix_nated_register() for incoming 
> registrations from these clients and matching_mode of 0 in usrloc.  However, 
> I am not using fix_nated_contact() for registrations.
> 
>  
> 
> Thanks,
> 
>  
> 
> Ray
>___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


[OpenSIPS-Users] opensips startup errors

2023-09-02 Thread Prathibha B
ERROR:rtpengine:send_rtpe_command: can't send (#7 iovec buffers) command to
a RTP proxy (111:Connection refused)
Sep  2 09:47:27 [147483] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:47:27 [147483] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:47:27 [147483] ERROR:rtpengine:send_rtpe_command: timeout waiting
reply from a RTP proxy
Sep  2 09:47:27 [147483] ERROR:rtpengine:send_rtpe_command: proxy  does not respond, disable it
Sep  2 09:47:27 [147483] ERROR:rtpengine:rtpe_test: proxy did not respond
to ping
Sep  2 09:47:30 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:47:30 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:47:30 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:47:50 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:47:50 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:47:50 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:48:09 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:48:09 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:48:09 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:48:27 [147498] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:48:27 [147498] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:48:27 [147498] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:48:27 [147498] ERROR:rtpengine:send_rtpe_command: timeout waiting
reply from a RTP proxy
Sep  2 09:48:27 [147498] ERROR:rtpengine:send_rtpe_command: proxy  does not respond, disable it
Sep  2 09:48:27 [147498] ERROR:rtpengine:rtpe_test: proxy did not respond
to ping
Sep  2 09:48:29 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:48:29 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:48:29 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:48:29 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:48:29 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:48:29 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:48:48 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:48:48 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:48:48 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:49:07 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:49:07 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:49:07 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:49:26 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:49:26 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:49:26 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:49:27 [147498] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:49:27 [147498] ERROR:rtpengine:send_rtpe_command: can't send (#7
iovec buffers) command to a RTP proxy (111:Connection refused)
Sep  2 09:49:27 [147498] ERROR:rtpengine:send_rtpe_command: timeout waiting
reply from a RTP proxy
Sep  2 09:49:27 [147498] ERROR:rtpengine:send_rtpe_command: proxy  does not respond, disable it
Sep  2 09:49:27 [147498] ERROR:rtpengine:rtpe_test: proxy did not respond
to ping
Sep  2 09:49:46 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:49:46 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:49:46 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
Sep  2 09:49:46 [147490] ERROR:proto_wss:wss_conn_init: no TLS server
domain found
Sep  2 09:49:46 [147490] ERROR:core:handle_io: failed to do proto 6
specific init for conn 0x7f2c4123d130
Sep  2 09:49:46 [147499] ERROR:proto_wss:ws_conn_clean: Failed to retrieve
the tls_domain pointer in the SSL struct
^C
root@ip-172-31-34-24:/etc/opensips#