It seems the default timeouts are too low.

By adding

modparam("proto_wss", "wss_handshake_timeout", 500)
modparam("proto_wss", "wss_tls_handshake_timeout", 500)

everything is working.

On 02/11/2023 at 20:52, Ihor Olkhovskyi wrote:
Hello,
I'm a bit new to OpenSIPS (to recent versions) and am trying to have it act as a UDP - WebSocket proxy, using it as an outbound proxy in a SIP client (PJSUA, if it's important).

Currently I'm using version 3.4.2.
The config is quite simple, not far from the default one.
...
socket=udp:0.0.0.0:6051
socket=wss:0.0.0.0:9443
...
loadmodule "proto_udp.so"
loadmodule "proto_tls.so"

# WebSocket part
loadmodule "proto_wss.so"

loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"

modparam("tls_mgm", "client_domain", "localhost")
modparam("tls_mgm", "certificate", "[localhost]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", "[localhost]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[localhost]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[localhost]0")
modparam("tls_mgm", "require_cert", "[localhost]0")

...
route[relay] {
    if ($socket_in(proto) == "UDP") {
        $socket_out = "wss:0.0.0.0:9443";
    } else {
        $socket_out = "udp:0.0.0.0:6051";
    }

    if (!t_relay()) {
        send_reply(500, "Internal Error");
    }
    exit;
}

I'm using the most generic self-signed certs and have just started to experiment. But when I try to just forward SIP packets to the remote server, I get this in the logs:

DBG:core:parse_headers: flags=ffffffffffffffff
DBG:proto_wss:proto_wss_send: no open tcp connection found, opening new one
DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384
DBG:core:probe_max_sock_buff: using snd buffer of 416 kb
DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 4
DBG:core:print_ip: tcpconn_new: new tcp connection to: <PBX_IP_ADDRESS>
DBG:core:tcpconn_new: on port 8089, proto 6
DBG:tls_mgm:tls_find_client_domain: found TLS client domain: localhost
DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection
DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
ERROR:proto_wss:ws_client_handshake: cannot start handshake
ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
DBG:core:tcpconn_destroy: destroying connection 0x7f0efb106440, flags 0038
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
NOTICE:tls_openssl:verify_callback: depth = 2, verify success
NOTICE:tls_openssl:verify_callback: depth = 1, verify success
NOTICE:tls_openssl:verify_callback: depth = 0, verify success
INFO:tls_openssl:openssl_tls_connect: New TLS connection to <PBX_IP_ADDRESS>:8089 established
DBG:tls_openssl:openssl_tls_connect: new TLS connection to <PBX_IP_ADDRESS>:8089 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256
DBG:tls_openssl:openssl_tls_connect: sending socket: 0.0.0.0:37697
INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS certificate subject: /CN=*.pbx.company.domain, issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client certificate subject: /CN=localhost, issuer: /CN=localhost
DBG:tls_openssl:openssl_tls_write: write was successful (6 bytes)
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
DBG:tls_openssl:openssl_tls_write: write was successful (2 bytes)
DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
DBG:tls_openssl:openssl_tls_conn_shutdown: first phase of 2-way handshake completed succesfuly
ERROR:proto_wss:proto_wss_send: connect failed
ERROR:tm:msg_send: send() to <PBX_IP_ADDRESS>:8089 for proto wss/6 failed
ERROR:tm:t_forward_nonack: sending request failed
DBG:tm:t_relay_to: t_forward_nonack returned error


The server that I'm connecting to supports TLS and WSS transports. If I change the socket type from WSS to TLS, everything works, so it's not a TLS certificate issue or something like this.

I'm pretty sure that I'm missing something obvious, but I don't really get what.

I would appreciate any hints.
--
Best regards,
Ihor (Igor)
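
An added example, not part of the thread or of OpenSIPS: a small Python check that scans a debug log like the one quoted above for the pattern the reply points to, a TLS send timeout that aborts the WebSocket connect while the TLS handshake to the same peer still completes afterwards. The function name and result fields are assumptions made here, and the sample is abridged from the quoted log.

```python
import re

# Sample abridged from the debug log quoted in the thread above.
SAMPLE_LOG = """\
DBG:proto_wss:proto_wss_send: no open tcp connection found, opening new one
DBG:tls_openssl:openssl_tls_conn_init: Setting in CONNECT mode (client)
ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
ERROR:proto_wss:ws_client_handshake: cannot start handshake
ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
NOTICE:tls_openssl:verify_callback: depth = 0, verify success
INFO:tls_openssl:openssl_tls_connect: New TLS connection to <PBX_IP_ADDRESS>:8089 established
ERROR:proto_wss:proto_wss_send: connect failed
"""

NEW_CONN_RE = re.compile(r"proto_wss_send: no open tcp connection found")
TIMEOUT_RE = re.compile(r"openssl_tls_blocking_write: TLS send timeout \((\d+)\)")
WS_FAIL_RE = re.compile(r"proto_wss:(ws_client_handshake|ws_connect): cannot")
TLS_OK_RE = re.compile(r"openssl_tls_connect: New TLS connection to (\S+) established")


def find_slow_wss_handshakes(log_text):
    """Return one finding per outbound WSS attempt that hit a TLS send timeout."""
    findings, cur = [], None
    for line in log_text.splitlines():
        if NEW_CONN_RE.search(line):
            cur = None  # a new outbound attempt starts; stop tracking the old one
        m = TIMEOUT_RE.search(line)
        if m:
            cur = {"timeout": int(m.group(1)),  # value as printed in the log
                   "ws_failed": False,
                   "tls_completed_after": False,
                   "peer": None}
            findings.append(cur)
            continue
        if cur is None:
            continue
        if WS_FAIL_RE.search(line):
            cur["ws_failed"] = True
        m = TLS_OK_RE.search(line)
        if m:
            # TLS finished after the timer fired: the peer was slow, not untrusted.
            cur["tls_completed_after"] = True
            cur["peer"] = m.group(1)
    return findings


if __name__ == "__main__":
    for f in find_slow_wss_handshakes(SAMPLE_LOG):
        print(f)
```

A finding with `tls_completed_after` set points at the handshake timers (the two `proto_wss` parameters in the reply) rather than at certificate or trust settings.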