Re: [OpenSIPS-Users] 3.2.15 installation
Thanks Liviu. On Tue, Oct 31, 2023, 9:23 AM Liviu Chircu wrote: > Hi! > > It seems there was an issue related to the tarball packing introduced in > the source tree a couple weeks *before* release day which confused me, as I > thought I was just building the tarball incorrectly on release day (e.g. > maybe due to a dirty directory or a bad script, etc.). > > A fix is now available and all opensips.org tarballs have been rebuilt. > Still, if you were to download the latest stable git tag and run "make tar" > yourself, of course you'd run into the same bug again (*no change there, > the git tag hasn't been moved*)... but that will also get resolved on the > next stable release round in a month or so. > > Best regards, > > On 26.10.2023 09:53, L S wrote: > > Thanks. We are having issues compiling from source on Centos (error > because of a patch related to wolfssl). Will try again. > > > > On Wed, Oct 25, 2023, 4:41 PM Knee Oh via Users > wrote: > >> Yes, compiled from source on Ubuntu 22.04. About to move to production. >> >> >> On Oct 25, 2023, at 4:35 PM, Joseph Jackson >> wrote: >> >> >> We have but we use the debian packages and we installed it on release day. >> >> >> >> -- >> *From:* Users on behalf of L S < >> efes99...@gmail.com> >> *Sent:* Wednesday, October 25, 2023 12:46 AM >> *To:* OpenSIPS users mailling list >> *Subject:* [OpenSIPS-Users] 3.2.15 installation >> >> Has anyone successfully installed 3.2.15 (revised on Oct 20th)? >> >> Thanks, >> Matt >> >> -- >> *From:* Users on behalf of L S < >> efes99...@gmail.com> >> *Sent:* Wednesday, October 25, 2023 12:46 AM >> *To:* OpenSIPS users mailling list >> *Subject:* [OpenSIPS-Users] 3.2.15 installation >> >> Has anyone successfully installed 3.2.15 (revised on Oct 20th)? >> >> Thanks, >> Matt >> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > ___ > Users mailing > listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > -- > Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com > OpenSIPS eBootcamp, Nov 6-17 | www.opensips.org/training > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.15 installation
Thanks. We are having issues compiling from source on Centos (error because of a patch related to wolfssl). Will try again. On Wed, Oct 25, 2023, 4:41 PM Knee Oh via Users wrote: > Yes, compiled from source on Ubuntu 22.04. About to move to production. > > > On Oct 25, 2023, at 4:35 PM, Joseph Jackson > wrote: > > > We have but we use the debian packages and we installed it on release day. > > > > ------ > *From:* Users on behalf of L S < > efes99...@gmail.com> > *Sent:* Wednesday, October 25, 2023 12:46 AM > *To:* OpenSIPS users mailling list > *Subject:* [OpenSIPS-Users] 3.2.15 installation > > Has anyone successfully installed 3.2.15 (revised on Oct 20th)? > > Thanks, > Matt > > -- > *From:* Users on behalf of L S < > efes99...@gmail.com> > *Sent:* Wednesday, October 25, 2023 12:46 AM > *To:* OpenSIPS users mailling list > *Subject:* [OpenSIPS-Users] 3.2.15 installation > > Has anyone successfully installed 3.2.15 (revised on Oct 20th)? > > Thanks, > Matt > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] 3.2.15 installation
Has anyone successfully installed 3.2.15 (revised on Oct 20th)? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [Release Freeze] Upcoming OpenSIPS 3.4.2, 3.3.8 and 3.2.15 Minor Releases
Hi Liviu, Doesn't that patch (lib/patches/wolfssl-internal-memleak-fix.patch) need to be in 3.2.15? You said you removed it. Thanks, Matt On Fri, Oct 20, 2023, 9:25 AM Liviu Chircu wrote: > On 19.10.2023 20:47, Alexander Kogan wrote: > > > > Hi! > > > > Failed to build 3.2.15 from opensips-3.2.15.tar.gz: > > > > make[3]: *** No rule to make target > > 'lib/patches/wolfssl-internal-memleak-fix.patch', needed by > > 'lib/patches/wolfssl-internal-memleak-fix.patched'. Stop. > > > Hi, Alexander! > > Good catch! I just rebuilt the tarball, as the faulty file (added by > accident) has been removed in the meantime. > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [Release Freeze] Upcoming OpenSIPS 3.4.2, 3.3.8 and 3.2.15 Minor Releases
Hi Liviu, Just download the latest tarball. Seems like this issue is still happening. Thanks, Matt On Fri, Oct 20, 2023, 9:25 AM Liviu Chircu wrote: > On 19.10.2023 20:47, Alexander Kogan wrote: > > > > Hi! > > > > Failed to build 3.2.15 from opensips-3.2.15.tar.gz: > > > > make[3]: *** No rule to make target > > 'lib/patches/wolfssl-internal-memleak-fix.patch', needed by > > 'lib/patches/wolfssl-internal-memleak-fix.patched'. Stop. > > > Hi, Alexander! > > Good catch! I just rebuilt the tarball, as the faulty file (added by > accident) has been removed in the meantime. > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [Release Freeze] Upcoming OpenSIPS 3.4.2, 3.3.8 and 3.2.15 Minor Releases
Hi Liviu, Just download the latest tarball. Seems like this issue is still happening. Thanks, Matt On Fri, Oct 20, 2023, 9:25 AM Liviu Chircu wrote: > On 19.10.2023 20:47, Alexander Kogan wrote: > > > > Hi! > > > > Failed to build 3.2.15 from opensips-3.2.15.tar.gz: > > > > make[3]: *** No rule to make target > > 'lib/patches/wolfssl-internal-memleak-fix.patch', needed by > > 'lib/patches/wolfssl-internal-memleak-fix.patched'. Stop. > > > Hi, Alexander! > > Good catch! I just rebuilt the tarball, as the faulty file (added by > accident) has been removed in the meantime. > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Can't set TLS ciphers_list to NULL
Thanks Razvan. I have a similar set of ciphers, I will try one of the
variants.
I misinterpreted NULL in that context - I didn't think of it as the name of
a cipher - more like a generic value that tells Opensips/wolfssl not to
encrypt (for debugging).
Matt
On Mon, Oct 2, 2023, 5:36 AM Răzvan Crainea wrote:
> Hi, Matt!
>
> Are you sure that wolfssl supports the NULL cipher list? You can see all
> the available ciphers when OpenSIPS starts. For example, my setup has
> the following ciphers:
>
> ```
> Oct 2 09:56:43 [207525] INFO:tls_wolfssl:_wolfssl_show_ciphers:
> Ciphers:
>
> TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256:TLS13-AES128-CCM8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA:NULL-MD5:NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:AES128-CCM-8:AES128-CCM8:AES256-CCM-8:AES256-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-ECDSA-AES256-CCM8:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD:ADH-AES128-SHA:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:WDM-NULL-SHA256
>
> ```
>
> And plain NULL cipher is not available, only a set of its other variants.
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Core Developer / SIPhub CTO
> http://www.opensips-solutions.com / https://www.siphub.com
>
> On 9/30/23 17:16, L S wrote:
> > Wolfssl gives an error and Opensips doesn't start when trying to set the
> > ciphers_list to NULL for a client domain in 3.2.13.
> >
> > modparam("tls_mgm", "ciphers_list", "[testclient]NULL")
> >
> > ERROR:tls_wolfssl:_wolfssl_init_tls_dom: failure to set SSL context
> > cipher list 'NULL'
> >
> > Any suggestions?
> >
> > Thanks,
> > Matt
> >
> > ___
> > Users mailing list
> > Users@lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Can't set TLS ciphers_list to NULL
Wolfssl gives an error and Opensips doesn't start when trying to set the
ciphers_list to NULL for a client domain in 3.2.13.
modparam("tls_mgm", "ciphers_list", "[testclient]NULL")
ERROR:tls_wolfssl:_wolfssl_init_tls_dom: failure to set SSL context cipher
list 'NULL'
Any suggestions?
Thanks,
Matt
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Multiple TLS server domain setup
Thanks Razvan. On Wed, Sep 27, 2023, 9:55 AM Răzvan Crainea wrote: > Unfortunately no, it's either SNI, or a different port. There's > currently no way to filter based on source IP address. > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer / SIPhub CTO > http://www.opensips-solutions.com / https://www.siphub.com > > On 9/26/23 21:15, L S wrote: > > Hi, > > I'm trying to set up two tls domains for two sets of clients. First one > > requires TLSv1 (higher not supported), and the other one requires > > TLSv1_2 or higher. > > Right now the domain with tlsv1 is active on 5061 and has no issues. I'm > > trying to add the second domain. > > > > As far as I understand (do not have much experience with tls config), > > for incoming traffic (server domain), we can either ask them to use port > > 5062 or provide SNI so that they can also connect thru 5061. Not sure if > > they want to/can do that. Is there any other way we can distinguish > > these two clients; e.g. from the source ip? > > > > Thanks, > > Matt > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-cli skipping module tls
Hi Razvan, They don't match. Not sure if sth on my end causing this problem. I was using opensips-cli only to create the certificates. Anyway I used openssl directly instead to create the CA and server certificates. They are working fine. Thanks, Matt On Wed, Sep 27, 2023, 9:50 AM Răzvan Crainea wrote: > Can you actually check that the two (private key and certificate) match? > > https://www.ibm.com/support/pages/how-verify-if-private-key-matches-certificate > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer / SIPhub CTO > http://www.opensips-solutions.com / https://www.siphub.com > > On 9/26/23 19:54, L S wrote: > > Thanks Razvan. Installing the cryptography module fixed it - I was able > > to run both -x tls rootCA and userCERT, and create the certificates. > > > > However, when I start Opensips, I get the following error: > > ERROR:tls_wolfssl:load_private_key: key > > '/usr/local/etc/opensips/tls/server/privkey.pem' does not match the > > public key of the certificate > > > > I tried creating the certificates both on Centos 7 and Ubuntu Focal, and > > they both gave the same error. > > The data for the certificates comes from opensips-cli.cfg. I had created > > certificates with that cfg 3 months ago, and used in Opensips script > > without any issues. > > I only changed the domain name this time. > > > > Any suggestions? > > Thanks, > > Matt > > > > > > On Tue, Sep 26, 2023, 9:56 AM Răzvan Crainea > <mailto:raz...@opensips.org>> wrote: > > > > Can you double check whether you have the python-openssl or > > python-cryptography libraries? > > > > Best regards, > > > > Răzvan Crainea > > OpenSIPS Core Developer / SIPhub CTO > > http://www.opensips-solutions.com > > <http://www.opensips-solutions.com> / https://www.siphub.com > > <https://www.siphub.com> > > > > On 9/26/23 16:38, L S wrote: > > > I'm trying to create certificates using opensips-cli: > > > > > > opensips-cli - f /usr/local/etc/opensips-cli.cfg -d -x tls rootCA > > > DEBUG: Skipping module 'tls' - excluded on purpose > > > > > > ERROR: No module 'tls' loaded > > > > > > Trying to find out why I am getting this message now - it used to > > work > > > fine. All other modules are loaded. > > > > > > Thaks, > > > Matt > > > > > > ___ > > > Users mailing list > > > Users@lists.opensips.org <mailto:Users@lists.opensips.org> > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > <http://lists.opensips.org/cgi-bin/mailman/listinfo/users> > > > > ___ > > Users mailing list > > Users@lists.opensips.org <mailto:Users@lists.opensips.org> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > <http://lists.opensips.org/cgi-bin/mailman/listinfo/users> > > > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-cli skipping module tls
I apologize if this is a duplicate post - ran into some errors while posting the first time. Thanks Razvan. Installing cryptography fixed that issue. I was able to run -x tls rootCA and userCERT, and create the certificates. However, when running Opensips I get this error now: ERROR:tls_wolfssl:load_private_key: key '/usr/local/etc/opensips/tls/server/privkey.pem' does not match the public key of the certificate I had created and used certificates with opensips-cli before without any issues. Opensips-cli.cfg is the same except for a small change to CN. All the paths are the same as before and correct. I compared the modulus of the server private key to the public key using openssl, and they are different. Btw I created certificates both in Centos 7 and Ubuntu Focal just to see if it matters; got the same error for both. Any ideas why this is happening? Thanks, Matt On Tue, Sep 26, 2023, 9:56 AM Răzvan Crainea wrote: > Can you double check whether you have the python-openssl or > python-cryptography libraries? > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer / SIPhub CTO > http://www.opensips-solutions.com / https://www.siphub.com > > On 9/26/23 16:38, L S wrote: > > I'm trying to create certificates using opensips-cli: > > > > opensips-cli - f /usr/local/etc/opensips-cli.cfg -d -x tls rootCA > > DEBUG: Skipping module 'tls' - excluded on purpose > > > > ERROR: No module 'tls' loaded > > > > Trying to find out why I am getting this message now - it used to work > > fine. All other modules are loaded. > > > > Thaks, > > Matt > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Multiple TLS server domain setup
Hi, I'm trying to set up two tls domains for two sets of clients. First one requires TLSv1 (higher not supported), and the other one requires TLSv1_2 or higher. Right now the domain with tlsv1 is active on 5061 and has no issues. I'm trying to add the second domain. As far as I understand (do not have much experience with tls config), for incoming traffic (server domain), we can either ask them to use port 5062 or provide SNI so that they can also connect thru 5061. Not sure if they want to/can do that. Is there any other way we can distinguish these two clients; e.g. from the source ip? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-cli skipping module tls
Thanks Razvan. Installing the cryptography module fixed it - I was able to run both -x tls rootCA and userCERT, and create the certificates. However, when I start Opensips, I get the following error: ERROR:tls_wolfssl:load_private_key: key '/usr/local/etc/opensips/tls/server/privkey.pem' does not match the public key of the certificate I tried creating the certificates both on Centos 7 and Ubuntu Focal, and they both gave the same error. The data for the certificates comes from opensips-cli.cfg. I had created certificates with that cfg 3 months ago, and used in Opensips script without any issues. I only changed the domain name this time. Any suggestions? Thanks, Matt On Tue, Sep 26, 2023, 9:56 AM Răzvan Crainea wrote: > Can you double check whether you have the python-openssl or > python-cryptography libraries? > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer / SIPhub CTO > http://www.opensips-solutions.com / https://www.siphub.com > > On 9/26/23 16:38, L S wrote: > > I'm trying to create certificates using opensips-cli: > > > > opensips-cli - f /usr/local/etc/opensips-cli.cfg -d -x tls rootCA > > DEBUG: Skipping module 'tls' - excluded on purpose > > > > ERROR: No module 'tls' loaded > > > > Trying to find out why I am getting this message now - it used to work > > fine. All other modules are loaded. > > > > Thaks, > > Matt > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] opensips-cli skipping module tls
I'm trying to create certificates using opensips-cli: opensips-cli - f /usr/local/etc/opensips-cli.cfg -d -x tls rootCA DEBUG: Skipping module 'tls' - excluded on purpose ERROR: No module 'tls' loaded Trying to find out why I am getting this message now - it used to work fine. All other modules are loaded. Thaks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Professional help for Opensips
We are testing Opensips 3.2.12 after migrating from a much older version of Opensips (1.11.5 -tls). We are running into utimer and shmem issues which are taking opensips down every couple of weeks. So far we couldnt make any progress resolving them. We understand Opensips is open source and support is mostly limited to community lists, but are there any companies with opensips expertise that we can get professional (paid) help from on a case by case basis? Any recommendations? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Help needed with the trap file
Hi,
I'm trying to find out why a utimer task is not complete:
May 17 11:04:19 opensips2 /usr/local/sbin/opensips[101616]:
WARNING:core:utimer_ticker: utimer task already scheduled
301400 ms ago (now 265202840 ms), delaying execution
(opensips.log is showing the utimer warning coming from thread 101616)
The partial trap file is below. This is my first time analyzing a trap
file, so any help is appreciated. I'm trying to find out why utimer task is
stuck. Some stuff is optimized. Do I need to see them?
What should I look for?
Thanks,
Matt
- partial trap file ---
---start 101612 (root 101612 1 0 May14 ?00:00:00
/usr/local/sbin/opensips -u root -g root -P /var/run/opensips.pid -f
/usr/local/etc/opensips/opensips.cfg -m 1024 -M 16)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x7f1c47012f40 in __pause_nocancel () from /lib64/libpthread.so.0
#0 0x7f1c47012f40 in __pause_nocancel () from /lib64/libpthread.so.0
No symbol table info available.
#1 0x0041e4fd in main_loop () at main.c:304
startup_done =
chd_rank = 37
last_check = 0
rc =
#2 main (argc=, argv=) at main.c:916
c =
r =
tmp = 0x7fff4814af81 ""
tmp_len =
port =
proto =
protos_no =
options = 0x683110
"f:cCm:M:b:l:n:N:rRvdDFEVhw:t:u:g:p:P:G:W:o:a:k:s:"
ret = -1
seed = 3543554664
rfd =
__FUNCTION__ = "main"
[Inferior 1 (process 101612) detached]
.
---start 101616 (root 101616 101612 0 May14 ?00:05:44
/usr/local/sbin/opensips -u root -g root -P /var/run/opensips.pid -f
/usr/local/etc/opensips/opensips.cfg -m 1024 -M 16)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x7f1c46d2bb23 in __select_nocancel () from /lib64/libc.so.6
#0 0x7f1c46d2bb23 in __select_nocancel () from /lib64/libc.so.6
No symbol table info available.
#1 0x004cdee8 in run_timer_process () at timer.c:503
drift = 0
wait =
o_tv =
comp_tv = {tv_sec = 0, tv_usec = 10}
ij = 26613140
multiple =
cnt =
tv = {tv_sec = 0, tv_usec = 75286}
uinterval = 10
#2 start_timer_processes () at timer.c:633
id =
__FUNCTION__ = "start_timer_processes"
#3 0x0041df8c in main_loop () at main.c:221
startup_done = 0x0
chd_rank = 0
last_check = 0
rc =
#4 main (argc=, argv=) at main.c:916
c =
r = 0
tmp = 0x7fff4814af81 ""
tmp_len =
port =
proto =
protos_no =
options = 0x683110
"f:cCm:M:b:l:n:N:rRvdDFEVhw:t:u:g:p:P:G:W:o:a:k:s:"
ret = -1
seed = 3543554664
rfd =
__FUNCTION__ = "main"
[Inferior 1 (process 101616) detached]
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Utimer, shmem issue
We are testing Opensips 3.2.12 (the following applied to 3.2.10 also) after migrating from a much older version of Opensips (1.11.5 -tls). The main reason for the upgrade was to be able to use TLS 1.2+. 1.11.5 used openssl, but we had major issues with it in 3.2.x, so we use wolfssl 5.5.4 which is a lot more stable. Having said that we are running into the following two issues (repeating constantly) , usually within hours of each other almost every couple of weeks (hard to tell if they are related): May 14 01:08:33 opensips2 /usr/local/sbin/opensips[156131]: WARNING:core:utimer_ticker: utimer task already scheduled 114890 ms ago (now 754899600 ms), delaying execution May 14 07:07:25 opensips2 /usr/local/sbin/opensips[156162]: ERROR:tm:t_uac: short of cell shmem May 14 07:07:25 opensips2 /usr/local/sbin/opensips[156162]: WARNING:core:fm_malloc: not enough contiguous free shm memory (1425728 bytes left, need 6720), attempting defragmentation... please increase the "-m" command line parameter! As far as utimer error, we are not calling any external processes that might take a while other than local mysql connections. This is a simple script that utilizes the dispatcher module. As far as the shmem, we used m=512 in 1.11.5 without any issues for years. For 3.2.12 we made the s_mem=1024, but that only helped a little. Any ideas? What can we look at? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] 3.2.11 vs 3.2.10 authorization
Hi,
We are trying to upgrade from Opensips 3.2.10 to 3.2.11, but we are running
to an issue with registrations. It's the same server, same opensips cfg
file, but 3.2.10 allows/authorizes the registrations, but 3.2.11 returns
401 Unauthorized.
The code that checks the credentials is:
if (is_method("REGISTER|SUBSCRIBE")) {
$avp(password)="xyz";
if (!pv_www_authorize("")) {
www_challenge("");
exit;
};
consume_credentials();
}
Again it's same code, the same physical server. What might be causing this?
Thanks,
Matt
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Utimer delaying execution
Hi, We are in the process of upgrading to Opensips 3.2.10 (from 1.11 TLS). Opensips has run without any issues on Centos 7 for about a week, but the other day, we got the following message (many), and eventually Opensips 3.2.10 hung up/stopped processing requests: Mar 5 21:46:15 opensips2 /usr/local/sbin/opensips[123477]: WARNING:core:utimer_ticker: utimer task already scheduled 695330 ms ago (now 136521190 ms), delaying execution We use Opensips only as a dispatcher, and do not call any external processes. Opensips tables reside in a mysql database. We have used 1.11 TLS (with openssl) for many years, and never run into this issue. Init.d script is the one that comes with 3.2.10. I came across these two related issues: https://github.com/OpenSIPS/opensips/issues/1767 https://github.com/OpenSIPS/opensips/issues/1858 It seems openssl is the culprit there, but we use wolfssl. (We had major issues with openssl). Any ideas? I will run a trap when/if this happens, but I think I need to install opensips-dbg module (Centos 7), which I can't find. Any help is appreciated. Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-cli installation issue
Hi Răzvan, Thank you for your quick response. I was able to get a hold of sqlalchemy 1.3.3, and manually copy it to python3 site-packages. Opensips-cli works fine now, but I will change the requirement in setup.py and re-install it. I think that's a better option going forward. Thanks, Matt On Tue, Mar 7, 2023, 4:38 AM Răzvan Crainea wrote: > Hi, Matt! > > I think you can try bumping the sqlalchemy version [1] to one of the > supported versions, then try to manual install [2]. > > [1] https://github.com/OpenSIPS/opensips-cli/blame/master/setup.py#L70 > [2] > > https://github.com/OpenSIPS/opensips-cli/blob/master/docs/INSTALLATION.md#from-source-code > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 3/6/23 16:12, L S wrote: > > Hi, > > > > We are trying to install opensips-cli (on centos 7). > > > > It requires sqlalchemy==1.3.3, and doesn't accept 1.4.46. > > > > pip install returns: > > > > Collecting sqlalchemy==1.3.3 > >Could not find a version that satisfies the requirement > > sqlalchemy==1.3.3 (from versions: 1.3.16, 1.3.17, 1.3.18, 1.3.19, > > 1.3.20, 1.3.21, 1.3.22, 1.3.23, 1.3.24, 1.4.0b1, 1.4.0b2, 1.4.0b3, > > 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, > > 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, > > 1.4.19, 1.4.20, 1.4.21, 1.4.22, 1.4.23, 1.4.24, 1.4.25, 1.4.26, 1.4.27, > > 1.4.28, 1.4.29, 1.4.30, 1.4.31, 1.4.32, 1.4.33, 1.4.34, 1.4.35, 1.4.36, > > 1.4.37, 1.4.38, 1.4.39, 1.4.40, 1.4.41, 1.4.42, 1.4.43, 1.4.44, 1.4.45, > > 1.4.46) > > No matching distribution found for sqlalchemy==1.3.3 > > > > Any workarounds? Thanks, Matt > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] opensips-cli installation issue
Hi, We are trying to install opensips-cli (on centos 7). It requires sqlalchemy==1.3.3, and doesn't accept 1.4.46. pip install returns: Collecting sqlalchemy==1.3.3 Could not find a version that satisfies the requirement sqlalchemy==1.3.3 (from versions: 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.21, 1.3.22, 1.3.23, 1.3.24, 1.4.0b1, 1.4.0b2, 1.4.0b3, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.4.20, 1.4.21, 1.4.22, 1.4.23, 1.4.24, 1.4.25, 1.4.26, 1.4.27, 1.4.28, 1.4.29, 1.4.30, 1.4.31, 1.4.32, 1.4.33, 1.4.34, 1.4.35, 1.4.36, 1.4.37, 1.4.38, 1.4.39, 1.4.40, 1.4.41, 1.4.42, 1.4.43, 1.4.44, 1.4.45, 1.4.46) No matching distribution found for sqlalchemy==1.3.3 Any workarounds? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Opensips stops responding to TLS
Hi Răzvan, Just saw your response. > Does it stop to any TLS operation, even for new ones? All TLS operations stop, no TLS traffic on Wireshark. We are using openssl 1.1.1q on Centos 7. We wanted to try wolfssl, but we had issues installing it on Centos 7. If it is more stable than openssl, we can give it another shot. Thanks, Matt On Thu, Feb 2, 2023, 6:18 AM Răzvan Crainea wrote: > Hello! > > Does it stop to any TLS operation, even for new ones? What TLS lib are > you using, openssl or wolfssl? > Are there any errors in the logs related to TLS? > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 12/30/22 16:00, L S wrote: > > One more thing: > > > > log_level=4 > > open_files_limit=32768 > > > > At the time Opensips stops responding to TLS, it seems like it stops > > writing to log file too even though it continues handling the non-TLS > SIP. > > > > Thanks. > > > > On Thu, Dec 29, 2022, 5:51 PM L S > <mailto:efes99...@gmail.com>> wrote: > > > > Just wanted to add the traffic between the client and Opensips > > below. It seems Opensips keeps on sending RESET. > > > > We have the tcp_max_connections at default value. That value (2048) > > works fine in 1.11.5. > > > > Thanks. > > > > client opensipsSSL142Client Hello > > client opensipsSSL142[TCP Retransmission] Client Hello > > opensipsclient TCP54sips > 5071 [RST] Seq=1 Win=0 Len=0 > > client opensipsSSL142[TCP Retransmission] Client Hello > > opensipsclient TCP54sips > 5064 [RST] Seq=1 Win=0 Len=0 > > client opensipsTCP74[TCP Port numbers reused] 5071 > sips [SYN] > > Seq=0 Win=8192 Len=0 MSS=1460 WS=1 > > opensipsclient TCP54sips > 5071 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 > > client opensipsTCP74[TCP Port numbers reused] 5064 > sips [SYN] > > Seq=0 Win=8192 Len=0 MSS=1460 WS=1 > > opensipsclient TCP54sips > 5064 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 > > client opensipsTCP74[TCP Port numbers reused] 5080 > sips [SYN] > > Seq=0 Win=8192 Len=0 MSS=1460 WS=1 > > > > On Thu, Dec 29, 2022, 9:27 AM L S > <mailto:efes99...@gmail.com>> wrote: > > > > Hi, > > > > We are in the process of migrating from 1.11.5 tls to 3.2.9, and > > we are running into an issue with TLS. > > > > Opensips stops handling TLS within a few minutes after it is > > started; e.g. stops responding to Client Hellos. There is no > > more outgoing TLS traffic from the Opensips server. When we > > restart Opensips, it goes back to normal for a while, then stops > > responding to TLS requests again. > > > > I don't see any errors in logs. > > The server runs Centos 7, openssl 1.1.1q. > > > > 1.11.5 works fine. > > > > Can this be a memory issue? We use S_memory 512 and P_memory 8. > > Opensips 1.11.5 works fine with the same settings. TCP > > parameters have their default values. > > > > How can we debug this? Any suggestions would be appreciated. > > > > Thanks, > > Matt > > > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS verify client
Hi,
We are upgrading from 1.11.5 tls to 3.2.9. In 1.11 we had issues with the
client certificate so we had to set the following:
# 1.11 parameters
tls_verify_server = 1
tls_verify_client = 0tls_require_client_certificate = 0
TLS works fine for us with those settings. Now we are trying to migrate
them to 3.2.9 and having issues. Just wanted to confirm
if the following is correct way to migrate those parameters to 3.2? (Just
included those parameters - the domains are set up correctly)
Server domain
modparam("tls_mgm", "verify_cert", "[dom1]0")
modparam("tls_mgm", "require_cert", "[dom1]0")
Client domain
modparam("tls_mgm", "verify_cert", "[dom2]1")
modparam("tls_mgm", "require_cert", "[dom2]1")
Thanks,
Matt
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Opensips stops responding to TLS
One more thing: log_level=4 open_files_limit=32768 At the time Opensips stops responding to TLS, it seems like it stops writing to log file too even though it continues handling the non-TLS SIP. Thanks. On Thu, Dec 29, 2022, 5:51 PM L S wrote: > Just wanted to add the traffic between the client and Opensips below. It > seems Opensips keeps on sending RESET. > > We have the tcp_max_connections at default value. That value (2048) works > fine in 1.11.5. > > Thanks. > > clientopensips SSL 142 Client Hello > clientopensips SSL 142 [TCP Retransmission] Client Hello > opensips clientTCP 54 sips > 5071 [RST] Seq=1 Win=0 Len=0 > clientopensips SSL 142 [TCP Retransmission] Client Hello > opensips clientTCP 54 sips > 5064 [RST] Seq=1 Win=0 Len=0 > clientopensips TCP 74 [TCP Port numbers reused] 5071 > sips [SYN] > Seq=0 Win=8192 Len=0 MSS=1460 WS=1 > opensips clientTCP 54 sips > 5071 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 > clientopensips TCP 74 [TCP Port numbers reused] 5064 > sips [SYN] > Seq=0 Win=8192 Len=0 MSS=1460 WS=1 > opensips clientTCP 54 sips > 5064 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 > clientopensips TCP 74 [TCP Port numbers reused] 5080 > sips [SYN] > Seq=0 Win=8192 Len=0 MSS=1460 WS=1 > > On Thu, Dec 29, 2022, 9:27 AM L S wrote: > >> Hi, >> >> We are in the process of migrating from 1.11.5 tls to 3.2.9, and we are >> running into an issue with TLS. >> >> Opensips stops handling TLS within a few minutes after it is started; >> e.g. stops responding to Client Hellos. There is no more outgoing TLS >> traffic from the Opensips server. When we restart Opensips, it goes back to >> normal for a while, then stops responding to TLS requests again. >> >> I don't see any errors in logs. >> The server runs Centos 7, openssl 1.1.1q. >> >> 1.11.5 works fine. >> >> Can this be a memory issue? We use S_memory 512 and P_memory 8. Opensips >> 1.11.5 works fine with the same settings. TCP parameters have their default >> values. >> >> How can we debug this? Any suggestions would be appreciated. >> >> Thanks, >> Matt >> > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Opensips stops responding to TLS
Just wanted to add the traffic between the client and Opensips below. It seems Opensips keeps on sending RESET. We have the tcp_max_connections at default value. That value (2048) works fine in 1.11.5. Thanks. clientopensips SSL 142 Client Hello clientopensips SSL 142 [TCP Retransmission] Client Hello opensips clientTCP 54 sips > 5071 [RST] Seq=1 Win=0 Len=0 clientopensips SSL 142 [TCP Retransmission] Client Hello opensips clientTCP 54 sips > 5064 [RST] Seq=1 Win=0 Len=0 clientopensips TCP 74 [TCP Port numbers reused] 5071 > sips [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=1 opensips clientTCP 54 sips > 5071 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 clientopensips TCP 74 [TCP Port numbers reused] 5064 > sips [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=1 opensips clientTCP 54 sips > 5064 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 clientopensips TCP 74 [TCP Port numbers reused] 5080 > sips [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=1 On Thu, Dec 29, 2022, 9:27 AM L S wrote: > Hi, > > We are in the process of migrating from 1.11.5 tls to 3.2.9, and we are > running into an issue with TLS. > > Opensips stops handling TLS within a few minutes after it is started; e.g. > stops responding to Client Hellos. There is no more outgoing TLS traffic > from the Opensips server. When we restart Opensips, it goes back to normal > for a while, then stops responding to TLS requests again. > > I don't see any errors in logs. > The server runs Centos 7, openssl 1.1.1q. > > 1.11.5 works fine. > > Can this be a memory issue? We use S_memory 512 and P_memory 8. Opensips > 1.11.5 works fine with the same settings. TCP parameters have their default > values. > > How can we debug this? Any suggestions would be appreciated. > > Thanks, > Matt > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Opensips stops responding to TLS
Hi, We are in the process of migrating from 1.11.5 tls to 3.2.9, and we are running into an issue with TLS. Opensips stops handling TLS within a few minutes after it is started; e.g. stops responding to Client Hellos. There is no more outgoing TLS traffic from the Opensips server. When we restart Opensips, it goes back to normal for a while, then stops responding to TLS requests again. I don't see any errors in logs. The server runs Centos 7, openssl 1.1.1q. 1.11.5 works fine. Can this be a memory issue? We use S_memory 512 and P_memory 8. Opensips 1.11.5 works fine with the same settings. TCP parameters have their default values. How can we debug this? Any suggestions would be appreciated. Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS verify client
Hi,
We are upgrading from 1.11.5 tls to 3.2.9. In 1.11 we had issues with the
client certificate so we had to set the following:
# 1.11 parameters
tls_verify_server = 1
tls_verify_client = 0tls_require_client_certificate = 0
TLS works fine for us with those settings. Now we are trying to migrate
them to 3.2.9 and having issues. Just wanted to confirm
if the following is correct way to migrate those parameters to 3.2? (Just
included those parameters - the domains are set up correctly)
Server domain
modparam("tls_mgm", "verify_cert", "[dom1]0")
modparam("tls_mgm", "require_cert", "[dom1]0")
Client domain
modparam("tls_mgm", "verify_cert", "[dom2]1")
modparam("tls_mgm", "require_cert", "[dom2]1")
Thanks,
Matt
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS issue
Hi Bogdan, There is definitely traffic between the phones and Opensips, but they dont seem to be establishing a working connection - handshake issue maybe? As I mentioned the phones come back up if they are rebooted. Maybe the old connections are somehow messing it up? I will look into the siptrace module. Thanks, Matt On Tue, Apr 12, 2022, 12:58 PM Bogdan-Andrei Iancu wrote: > Hi MAtt, > > HAve you tried to see if the TLS devices (1) are able to reconnect to > OpenSIPS and (2) send SIP traffic to OpenSIPS after such no-Internet event > ? Maybe you can use the siptrace module to try to capture the SIP traffic > sent to OpenSIPS via TLS. > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS eBootcamp 23rd May - 3rd June 2022 > https://opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 4/12/22 7:50 PM, L S wrote: > > We have been using Opensips 1.11 tls successfully for a while. In our > setup, Opensips is used as a dispatcher to a couple of Asterisk servers. > Some of the sip clients (mostly Cisco SPA phones) communicate with > Opensips server over TLS, some don't. > > Once in a while internet goes down and the sip clients go offline as a > result. When the connection is restored, the phones that are not on TLS > recover whereas the ones on TLS stay offline (not registering). We see the > traffic between the those phones with the Opensips server, but that traffic > doesnt look ok (encrypted so hard to tell). > > In order to get those phones online again, we need to reboot them. > > Same issue happens when the sip clients move from one internet circuit to > the other (from primary connection to secondary). Phones on TLS go offline > and do not recover unless rebooted. > > I know our version is older, but I think the issue is with our setup and > not related to a bug on Opensips. > > I appreciate some direction to resolve this issue. > > Thanks, > Matt > > ___ > Users mailing > listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS issue
We have been using Opensips 1.11 tls successfully for a while. In our setup, Opensips is used as a dispatcher to a couple of Asterisk servers. Some of the sip clients (mostly Cisco SPA phones) communicate with Opensips server over TLS, some don't. Once in a while internet goes down and the sip clients go offline as a result. When the connection is restored, the phones that are not on TLS recover whereas the ones on TLS stay offline (not registering). We see the traffic between the those phones with the Opensips server, but that traffic doesnt look ok (encrypted so hard to tell). In order to get those phones online again, we need to reboot them. Same issue happens when the sip clients move from one internet circuit to the other (from primary connection to secondary). Phones on TLS go offline and do not recover unless rebooted. I know our version is older, but I think the issue is with our setup and not related to a bug on Opensips. I appreciate some direction to resolve this issue. Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
