Thank you Bogdan, I will change it. By the way, I noticed that as soon as I added the following before the OPTIONS were sent to MS Teams. There were no CRITICAL:core:io_watch_add bug logs.
set_advertised_address("xx.xx.xx.xx"); set_advertised_port("5061"); Regards, Jehanzaib On Wed, May 25, 2022 at 7:52 PM Bogdan-Andrei Iancu <bog...@opensips.org> wrote: > Hi Jehanzaib, > > For now, to get rid of that issue, just disable the tls_async in your cfg: > > https://opensips.org/html/docs/modules/3.2.x/proto_tls.html#param_tls_async > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Summit 27-30 Sept 2022, Athens > https://www.opensips.org/events/Summit-2022Athens/ > > On 5/21/22 5:21 AM, Jehanzaib Younis wrote: > > Thank you, Ovidiu. > I Just posted my logs on github. > > Regards, > Jehanzaib > > > On Fri, May 20, 2022 at 3:02 AM Ovidiu Sas <o...@voipembedded.com> wrote: > >> Set the log_level parameter to 4 and restart opensips. Once the error >> occurs, collect all the logs from the start (from syslog) and send them to >> Razvan. >> There’s bug tracking this issue: >> https://github.com/OpenSIPS/opensips/issues/2724 >> >> For compiling tls_wolfssl, try from a clean clone. >> >> -ovidiu >> >> On Thu, May 19, 2022 at 08:08 Jehanzaib Younis <jehanzaib.ki...@gmail.com> >> wrote: >> >>> Thanks Ovidiu, >>> I just checked the source code, the same bug is also present in >>> the opensips-3.2.6 branch. I have another issue with 3.2.6. I am not able >>> to compile tls_wolfssl. No issue with 3.3 though. >>> Now I need to check what is causing this. >>> >>> I am getting the following error: >>> >>> make[1]: Entering directory `/usr/src/opensips-3.2/modules/tls_wolfssl' >>> configure: WARNING: unrecognized options: --disable-shared, >>> --enable-static >>> checking whether make supports nested variables... (cached) yes >>> ./configure: line 5259: syntax error near unexpected token `2.4.2' >>> ./configure: line 5259: `LT_PREREQ(2.4.2)' >>> make[1]: *** [lib/lib/libwolfssl.a] Error 2 >>> >>> >>> >>> Regards, >>> Jehanzaib >>> >>> >>> On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas <o...@voipembedded.com> >>> wrote: >>> >>>> Please upgrade to the latest version and see if the error persists. If >>>> yes, please run the server in debug mode and save the logs so this issue >>>> can be investigated properly. >>>> >>>> Thanks, >>>> Ovidiu >>>> >>>> On Wed, May 18, 2022 at 09:02 Jehanzaib Younis < >>>> jehanzaib.ki...@gmail.com> wrote: >>>> >>>>> Thank you Bogdan, >>>>> That helped a lot. As you mentioned I need to start only with >>>>> server_domain or client_domain. >>>>> Now I changed my config a bit as shown below: >>>>> #### (WebRTC) Client >>>>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx") >>>>> modparam("tls_mgm", "certificate", >>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem") >>>>> modparam("tls_mgm", "private_key", >>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem") >>>>> modparam("tls_mgm", "ca_list", >>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem") >>>>> modparam("tls_mgm", "ca_dir", >>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx") >>>>> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23") >>>>> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1") >>>>> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1") >>>>> >>>>> ### This is for MS-Teams direct route >>>>> modparam("tls_mgm", "client_domain", "dom1.formsteams.com") >>>>> modparam("tls_mgm", "certificate", "[dom1.formsteams.com >>>>> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem") >>>>> modparam("tls_mgm", "private_key", "[dom1.formsteams.com >>>>> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem") >>>>> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com >>>>> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem") >>>>> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com >>>>> ]/etc/letsencrypt/live/dom1.formsteams.com") >>>>> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23") >>>>> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1") >>>>> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1") >>>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") >>>>> >>>>> Looks like the initial handshake is fine when my server sends OPTIONS >>>>> to MSTeams. There is a bug in the code according to the logs as shown >>>>> below: >>>>> >>>>> opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map >>>>> fd=142 is not present in fd_array >>>>> (fd=142,type=19,flags=80000003,data=0x7f825805ceb8)#012#012It seems you >>>>> have hit a programming bug.#012Please help us make OpenSIPS better by >>>>> reporting it at https://github.com/OpenSIPS/opensips/issues >>>>> opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed >>>>> after successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1) >>>>> already=0 >>>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify >>>>> success >>>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify >>>>> success >>>>> opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS >>>>> connection to 52.114.16.74:5061 established >>>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify >>>>> success >>>>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify >>>>> success >>>>> opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS >>>>> connection to 52.114.76.76:5061 established >>>>> >>>>> >>>>> Regards, >>>>> Jehanzaib >>>>> >>>>> >>>>> On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu < >>>>> bog...@opensips.org> wrote: >>>>> >>>>>> Hi Jehanzaib, >>>>>> >>>>>> The sequence for the MST TLS domains is wrong. >>>>>> >>>>>> For each TLS domain block, you need to start only with a server_domain >>>>>> or client_domain - of course, different names. And for each domain you >>>>>> need >>>>>> you set the matching conditions. See >>>>>> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param >>>>>> >>>>>> Basically something like: >>>>>> >>>>>> modparam("tls_mgm", "server_domain", "formsteams_server") >>>>>> modparam("tls_mgm", "match_ip_address", "[formsteams_server]....") >>>>>> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]....") >>>>>> modparam("tls_mgm", "certificate", "[formsteams_server].....) >>>>>> .... >>>>>> >>>>>> >>>>>> modparam("tls_mgm", "client_domain", "formsteams_client") >>>>>> modparam("tls_mgm", "match_ip_address", "[formsteams_client]....") >>>>>> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]....") >>>>>> modparam("tls_mgm", "certificate", "[formsteams_client].....) >>>>>> .... >>>>>> >>>>>> >>>>>> Best regards, >>>>>> >>>>>> Bogdan-Andrei Iancu >>>>>> >>>>>> OpenSIPS Founder and Developer >>>>>> https://www.opensips-solutions.com >>>>>> OpenSIPS eBootcamp 23rd May - 3rd June 2022 >>>>>> https://opensips.org/training/OpenSIPS_eBootcamp_2022/ >>>>>> >>>>>> On 5/18/22 2:38 AM, Jehanzaib Younis wrote: >>>>>> >>>>>> Hi Bogdan, >>>>>> That's the problem, when I try to add the client_domain I get an >>>>>> error. Actually, I have a working config for webrtc but now I am adding a >>>>>> new domain for MS teams direct route. In fact, any other domain gives an >>>>>> error. If I disable MS Teams domain, the opensips do not give an >>>>>> error message and my webrtc client can connect without any issue. >>>>>> >>>>>> loadmodule "tls_mgm.so" >>>>>> modparam("tls_mgm", "tls_library", "wolfssl") >>>>>> >>>>>> #### (WebRTC) Client >>>>>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx") >>>>>> modparam("tls_mgm", "certificate", >>>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem") >>>>>> modparam("tls_mgm", "private_key", >>>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem") >>>>>> modparam("tls_mgm", "ca_list", >>>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem") >>>>>> modparam("tls_mgm", "ca_dir", >>>>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx") >>>>>> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23") >>>>>> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1") >>>>>> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1") >>>>>> >>>>>> ### This is for MS-Teams direct route >>>>>> modparam("tls_mgm", "server_domain", "dom1.formsteams.com") >>>>>> modparam("tls_mgm", "client_domain", "dom1.formsteams.com") >>>>>> modparam("tls_mgm", "certificate", "[dom1.formsteams.com >>>>>> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem") >>>>>> modparam("tls_mgm", "private_key", "[dom1.formsteams.com >>>>>> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem") >>>>>> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com >>>>>> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem") >>>>>> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com >>>>>> ]/etc/letsencrypt/live/dom1.formsteams.com") >>>>>> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23") >>>>>> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1") >>>>>> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1") >>>>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") >>>>>> >>>>>> When i enable the MS-Teams direct route domain i get the below error: >>>>>> no certificate for tls domain ' dom1.formsteams.com ' defined >>>>>> >>>>>> >>>>>> Regards, >>>>>> Jehanzaib >>>>>> >>>>>> >>>>>> On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu < >>>>>> bog...@opensips.org> wrote: >>>>>> >>>>>>> Hi Jehanzaib, >>>>>>> >>>>>>> What are the TLS client domains you have defined in your tls_mgm >>>>>>> module ? >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Bogdan-Andrei Iancu >>>>>>> >>>>>>> OpenSIPS Founder and Developer >>>>>>> https://www.opensips-solutions.com >>>>>>> OpenSIPS eBootcamp 23rd May - 3rd June 2022 >>>>>>> https://opensips.org/training/OpenSIPS_eBootcamp_2022/ >>>>>>> >>>>>>> On 5/17/22 4:32 PM, Jehanzaib Younis wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I am having trouble to send/receive OPTIONS to ms teams. >>>>>>> Using the dispatcher module. The socket is defined as tls:*mysbcip* >>>>>>> :5061 >>>>>>> Looks like when my opensips (3.2.x) tries to send OPTIONS. it is >>>>>>> giving me the following error >>>>>>> >>>>>>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found >>>>>>> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for >>>>>>> conn 0x7f00ef2a85a0 >>>>>>> ERROR:core:tcp_async_connect: tcp_conn_create failed >>>>>>> ERROR:proto_tls:proto_tls_send: async TCP connect failed >>>>>>> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 >>>>>>> failed >>>>>>> ERROR:tm:t_uac: attempt to send to ' >>>>>>> sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed >>>>>>> >>>>>>> I am setting the Contact as <sip:mytlsdomain:5061;transport=tls> >>>>>>> >>>>>>> Looks like the client domain is used for outgoing TLS connection but >>>>>>> no idea which domain i need to add here. The socket is my opensips ip >>>>>>> address. >>>>>>> >>>>>>> Has anyone seen a similar kind of behaviour? >>>>>>> >>>>>>> Thank you. >>>>>>> >>>>>>> Regards, >>>>>>> Jehanzaib >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing >>>>>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@lists.opensips.org >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>> -- >>>> VoIP Embedded, Inc. >>>> http://www.voipembedded.com >>>> _______________________________________________ >>>> Users mailing list >>>> Users@lists.opensips.org >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>> _______________________________________________ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> -- >> VoIP Embedded, Inc. >> http://www.voipembedded.com >> _______________________________________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > _______________________________________________ > Users mailing > listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users