[OpenSIPS-Users] Users Digest, Vol 31, Issue 9

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Feb 3 16:54:14 CET 2011 

Hi,

Try to debug your problem:
    1) does the caller client connects successfully via TLS to opensips 
? (check with netstat)
    2) does opensips gets the INVITE from caller ? (see opensips logs in 
debug 6 or place xlog() statements in script)
    3) is the INVITE routed outside ?(see opensips logs in debug 6 or 
place xlog() statements in script)

Regards,
Bogdan

abdelghafour harraz wrote:
> Hey, I got some trouble with tls support for opensips, I'm using two 
> blink softphones, and i can't get them to communicate.
> The communication between the client and the server is established, 
> but when i make calls, i got the a not found error:
>
> here's my configuration's file :
>
> -------------------------------------------------------------------------------------------------------------------
>
>
> debug=6
> log_stderror=no
> log_facility=LOG_LOCAL0
>
> children=4
>
> fork=yes
> check_via=no
> dns=no
> rev_dns=no
>
> disable_tls = no
> listen = tls:157.159.50.158:5061 <http://157.159.50.158:5061>
> listen = tcp:157.159.50.158:5062 <http://157.159.50.158:5062>
> listen = udp:157.159.50.158:5060 <http://157.159.50.158:5060>
> alias = 157.159.50.158
> tls_verify_server = 0
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate = "//etc/opensips/tls/user/user-cert.pem"
> tls_private_key = "//etc/opensips/tls/user/user-privkey.pem"
> tls_ca_list = "//etc/opensips/tls/user/user-calist.pem"
>
>
> ####### Modules Section ########
>
> #set module path
> mpath="//lib/opensips/modules/"
>
> /* uncomment next line for MySQL DB support */
> #loadmodule "db_mysql.so"
> loadmodule "signaling.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri.so"
> loadmodule "acc.so"
>
>
> # ----------------- setting module-specific parameters ---------------
>
>
> # ----- mi_fifo params -----
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>
>
> # ----- rr params -----
> # add value to ;lr param to cope with most of the UAs
> modparam("rr", "enable_full_lr", 1)
> # do not append from tag to the RR (no need for this script)
> modparam("rr", "append_fromtag", 0)
>
> # ----- uri params -----
> modparam("uri", "use_uri_table", 0)
>
>
> # ----- acc params -----
> /* what sepcial events should be accounted ? */
> modparam("acc", "early_media", 1)
> modparam("acc", "report_ack", 1)
> modparam("acc", "report_cancels", 1)
> /* by default ww do not adjust the direct of the sequential requests.
>    if you enable this parameter, be sure the enable "append_fromtag"
>    in "rr" module */
> modparam("acc", "detect_direction", 0)
> /* account triggers (flags) */
> modparam("acc", "failed_transaction_flag", 3)
> modparam("acc", "log_flag", 1)
> modparam("acc", "log_missed_flag", 2)
> /* uncomment the following lines to enable DB accounting also */
> modparam("acc", "db_flag", 1)
> modparam("acc", "db_missed_flag", 2)
>
>
> ####### Routing Logic ########
>
>
> # main request routing logic
>
> route{
>
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         exit;
>     }
>
>     if (has_totag()) {
>         # sequential request withing a dialog should
>         # take the path determined by record-routing
>         if (loose_route()) {
>             if (is_method("BYE")) {
>                 setflag(1); # do accounting ...
>                 setflag(3); # ... even if the transaction fails
>             } else if (is_method("INVITE")) {
>                 # even if in most of the cases is useless, do RR for
>                 # re-INVITEs alos, as some buggy clients do change 
> route set
>                 # during the dialog.
>                 record_route();
>             }
>             # route it out to whatever destination was set by 
> loose_route()
>             # in $du (destination URI).
>             route(1);
>         } else {
>             if ( is_method("ACK") ) {
>                 if ( t_check_trans() ) {
>                     # non loose-route, but stateful ACK; must be an 
> ACK after
>                     # a 487 or e.g. 404 from upstream server
>                     t_relay();
>                     exit;
>                 } else {
>                     # ACK without matching transaction ->
>                     # ignore and discard
>                     exit;
>                 }
>             }
>             sl_send_reply("404","Not here");
>         }
>         exit;
>     }
>
>     #initial requests
>
>     # CANCEL processing
>     if (is_method("CANCEL"))
>     {
>         if (t_check_trans())
>             t_relay();
>         exit;
>     }
>
>     t_check_trans();
>
>
>     # preloaded route checking
>     if (loose_route()) {
>         xlog("L_ERR",
>         "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
>         if (!is_method("ACK"))
>             sl_send_reply("403","Preload Route denied");
>         exit;
>     }
>
>     # record routing
>     if (!is_method("REGISTER|MESSAGE"))
>         record_route();
>
>     # account only INVITEs
>     if (is_method("INVITE")) {
>         setflag(1); # do accounting
>     }
>     if (!uri==myself)
>     {
>         append_hf("P-hint: outbound\r\n");
>         route(1);
>     }
>
>
>     if (is_method("PUBLISH"))
>     {
>         sl_send_reply("503", "Service Unavailable");
>         exit;
>     }
>    
>
>     if (is_method("REGISTER"))
>     {
>
>         if (!save("location"))
>             sl_reply_error();
>
>         exit;
>     }
>
>     if ($rU==NULL) {
>         # request with no Username in RURI
>         sl_send_reply("484","Address Incomplete");
>         exit;
>     }
>
>     # apply DB based aliases (uncomment to enable)
>     ##alias_db_lookup("dbaliases");
>
>     # do lookup with method filtering
>     if (!lookup("location","m")) {
>         switch ($retcode) {
>             case -1:
>             case -3:
>                 t_newtran();
>                 t_reply("404", "Not Found");
>                 exit;
>             case -2:
>                 sl_send_reply("405", "Method Not Allowed");
>                 exit;
>         }
>     }
>
>     # when routing via usrloc, log the missed calls also
>     setflag(2);
>
>     route(1);
> }
>
>
> route[1] {
>     # for INVITEs enable some additional helper routes
>     if (is_method("INVITE")) {
>         t_on_branch("2");
>         t_on_reply("2");
>         t_on_failure("1");
>     }
>
>     if (!t_relay()) {
>         sl_reply_error();
>     };
>     exit;
> }
>
>
>
> branch_route[2] {
>     xlog("new branch at $ru\n");
> }
>
>
> onreply_route[2] {
>     xlog("incoming reply\n");
> }
>
>
> failure_route[1] {
>     if (t_was_cancelled()) {
>         exit;
>     }
>
> }
>
> -------------------------------------------------------------------------------------------------------------
>
> I gave to the client, the certificate :
>
> //etc/opensips/tls/user/user-cert.pem
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   


-- 
Bogdan-Andrei Iancu
OpenSIPS Event - expo, conf, social, bootcamp
2 - 4 February 2011, ITExpo, Miami,  USA
OpenSIPS solutions and "know-how"

More information about the Users mailing list